{"report_id":"5a37bdbd-048f-4926-a06b-fb58eeab7115","version":6,"status":"done","tags":[],"date":"2026-01-18T23:38:56Z","url":{"schema":"http","addr":"xz.imtokeno.vip","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":0,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"final":{"url":{"schema":"https","addr":"xz.imtokeno.vip/","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"title":"imToken | Ethereum \u0026 Bitcoin Wallet","dom":{"size":35068,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1302)","md5":"b9b85ec2ac632e4e036b897e3a235c06","sha1":"3eacd841225f2e88132db600fa07018c7f4929e5","sha256":"b1ed59c1baae5e7a0578820257fe1507e00a84bb13042d31dcab0481a580d1c5","sha512":"c3a166927839bbb275097232cd80d147cab98761c25d45174ec536287704a6b547182d621c6d234acc1ad240396760f957d373ec6b5bb288bbab985c848a0ab3","ssdeep":"192:DzBs8lHueOkc/ztJ5HFcbFBZuuZdFgDotspRI4kmIOGzMLdPzs4PRC1/MhOfn7rf:3BnHkvcbfZt6W8Pzs4JNa7ESFXcbDPm","tlshash":"c5f23e739df6d5670192e4c1e875ba2ede81d523d8a99805f2fc4bc19f82eda8e0740c","dom_hash":"domhashdc375fd042abc497f1f332e64a9480cc","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"xz.imtokeno.vip","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":0,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-22T23:38:56Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":6}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"xz.imtokeno.vip","ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"domain_registered":"2025-04-06","domain_rank":0,"first_seen":"2026-01-01T18:50:02.293446Z","last_seen":"2026-01-17T02:36:44.662889Z","alert_count":396,"request_count":66,"received_data":2873099,"sent_data":30328,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Ant Design","description":"Ant Design is a UI library that can be used with data flow solutions and application frameworks in any React ecosystem.","website":"https://ant.design","common_platform_enumeration":"","icon":"Ant Design.svg","categories":["UI frameworks"]},{"name":"scrollreveal","description":"","website":"https://scrollrevealjs.org","common_platform_enumeration":"","icon":"scrollreveal.svg","categories":["JavaScript libraries"]}]},{"fqdn":"beacon-v2.helpscout.net","ip":{"addr":"3.167.2.34","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"domain_registered":"2010-03-28","domain_rank":82670,"first_seen":"2018-04-06T09:27:19Z","last_seen":"2026-01-14T13:18:31.406049Z","alert_count":0,"request_count":5,"received_data":195566,"sent_data":2168,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}]},{"fqdn":"hm.baidu.com","ip":{"addr":"14.215.182.140","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"domain_registered":"1999-10-11","domain_rank":54491,"first_seen":"2012-05-26T08:38:45Z","last_seen":"2026-01-12T01:35:28.651228Z","alert_count":0,"request_count":2,"received_data":30932,"sent_data":1059,"comment":"","tags":null,"fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.googletagmanager.com","ip":{"addr":"172.217.19.232","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2026-01-18T22:20:30.851037Z","alert_count":0,"request_count":1,"received_data":224,"sent_data":540,"comment":"","tags":null,"fingerprints":null},{"fqdn":"token.im","ip":{"addr":"172.66.151.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":79762,"first_seen":"2017-03-15T06:46:09Z","last_seen":"2026-01-14T14:49:52.57727Z","alert_count":0,"request_count":1,"received_data":1150,"sent_data":439,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"beacon-v2.helpscout.net/static/js/vendor.06c7227b.js","fqdn":"beacon-v2.helpscout.net","domain":"helpscout.net","tld":"net"},"ip":{"addr":"3.167.2.34","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"ad9f8be6695a153eb3732284469e6e18","sha1":"716209eb3f660fe907290cffeedeb121bcd5626d","sha256":"50bf3385e888eee5e31a92d71c9a194b3bdfb62760b9cc069b962ef9d3b5646f","sha512":"ff1a1c065028ae1457558a91e5c598827f7fd209d5783883ccf1f351de8a9ba3e894e17594fe627af9b7fd3caf5f202c05519cbdfec3e1aa3fe82d3c1cc616cb","ssdeep":"768:wIS1BQh9ezA08FRnPcFCbKm+Qm8eGA0JKMXTOU06egqANa25Kr2wkjMWoxSjmndv:DskFFu6KLANa2or2wgocCD4/FXnmUE","tlshash":"7a53e7d871e0f0a117e7b0b5407f190bf37a692d684d94a0f2a1e8e5bdb451d9223f6c","size":64482,"data":"","first_seen":"2023-03-07T13:52:25Z","last_seen":"2026-05-28T10:17:40.180758Z","times_seen":138,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"beacon-v2.helpscout.net/static/js/main.851b6206.js","fqdn":"beacon-v2.helpscout.net","domain":"helpscout.net","tld":"net"},"ip":{"addr":"3.167.2.34","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"6d74e8d0144ef7f3eb8be4276aba6760","sha1":"8ed657c1c16c4e272500586907e46aaa1e0cdbff","sha256":"c98b2560e54fa69988c54700e8618226b2ce814459e4a24f50eca15892fb32cd","sha512":"58e0ebad3184490ea81dad2a3d8d67315122208e5be58396e19d81a2317c3df34115b5fcfffb778c0f9c45543a02e6525cbeb71a9c60850dc29882be105f846d","ssdeep":"768:kXrMmOecvo5LWe8pVMpm9tW8O1QiP9wZDSpThAl4kdde9/:29wZupTYJG/","tlshash":"27b229d939d270ed1143dfe51abf0a89a72e3830b4266494b7ccd4da6b3298dd143f19","size":25070,"data":"","first_seen":"2023-03-10T12:59:33Z","last_seen":"2026-05-28T10:17:40.182229Z","times_seen":128,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/0b502bd7632b779787e7571ed7da626349d4848b_CSS.bca366718f045dbe8189.js","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"7c1e88c4a68db82bfb3cbc3f81ac70c6","sha1":"bacb2b2c74b3260235a5d5e950c5daec5fffbd6b","sha256":"4c3a0d03a71141a5f6bbf5510a2c2f23566d1c9e292be0fe36e36a5fd7ae74eb","sha512":"f0ddef8ea25da2cb5eaf5a53b0ef8e9730260ec47f03839167da0fd8850838d6e9d9c3a6315a07233fd03aabf44395bf7a7b1f0440199bd89e17f6485c7b1113","ssdeep":"","tlshash":"0aa002671011bcdaa8fc06482363a7b03848000c1f05ccf85b159071b071d1fa9e01c7","size":69,"data":"","first_seen":"2023-03-08T03:48:15Z","last_seen":"2026-05-28T12:48:09.350052Z","times_seen":640,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/484c840239a025432effd6ecc373d498fa764368_CSS.955cd01b185e91c5e5fc.js","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"092922c847857276e09f07690ba228b6","sha1":"58af57d706abde6c2cfc903e3159f31c56ab92a4","sha256":"6883cd41cde71a856edc40ec217867277c437fe4c2434a6f78fdc341a3f3de5f","sha512":"dab7e7847977063ef0ff2311e5fe5f37d9121eb180cfe77f54a00255789ad9259982cf83e5ab14ebdfb3fa2dd2c927f521bc17e1ee127fd26bea7d79c1a4d480","ssdeep":"","tlshash":"22a002a71001bcdab8fc46882363a7b43848000c1f05ccf81b199071b071d1fa9a41c7","size":70,"data":"","first_seen":"2023-03-08T04:14:16Z","last_seen":"2026-05-28T12:48:09.377589Z","times_seen":656,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/_buildManifest.js","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"300f0c98b87cdaf3c5cda9c2e48209e2","sha1":"70a25d9905b6bacf802bfc2ae4b0a09cadf7f95d","sha256":"a58c83ec091977ddd7147ebdddcdcdc2ff265912766d7ea0d3b6ae54559e6770","sha512":"19ab302568464cc2e734c46cfb8c3154da12c896bba880c5d8172add97a69d6023af3b4cf1e6f508e958da7ec8721b363aa30cd022c6e37010fb4e2644313e06","ssdeep":"48:J3fs7tBbm16rfqFkJkkgUawkMEGemT+2u1HSY9Daw5V3j6cP:pfB5kJke0PZSY9pV3/","tlshash":"159159820d327e851ed3fc497dbdaf3e85d004b1e9b6427752ad842e85810389f69b94","size":4344,"data":"","first_seen":"2023-06-10T15:07:45Z","last_seen":"2026-05-28T10:17:40.256774Z","times_seen":123,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/styles.e97b3b41101980a26299.js","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"5fadc53624752d69fe87630a0252c536","sha1":"15917d2352f4b49ba38ae6e2391ebdbd714e2a48","sha256":"3762f85211f51a5df900d789b669902af8c6da147f333a2ae3f8e4d0df022945","sha512":"d79a8fc03f335b6006e379e4955f229b11cc1b423e7e2af1c3708836e3662827ab85d60a4111a1493d09446283822c33769d21bfe5344ea081b4053adc27b60f","ssdeep":"","tlshash":"e1d09e1828a03877a4e621e0225b31d81ca6121e36fcfc9407b0819a9b3168e145388d","size":210,"data":"","first_seen":"2023-03-13T01:47:10Z","last_seen":"2026-05-28T12:48:09.309841Z","times_seen":585,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/js","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"2f0762afea7c93e3c7221a1824862708","sha1":"6f8f203938463a542e64b1880b28f964b3694744","sha256":"a52aefb96505514bb02815d352fe8570ee462d7fa533fe471f6b671b8129a6a1","sha512":"9732b106b8d94458f18668739831bce8b8fb5da4f755211f15b6c2b927e227821d272a151d0af3148b323a102d53421a3685303e57318b470aacda9ce72d86fc","ssdeep":"1536:J8WzTvM2zlB90lcHxLKfdp8WYl5hTAlvuRGhLZ0a9NlvBHhSjAyeuMS7xkbSS0Y7:J8W3vFB900s8b5aWRGsa9TvBHGDyQu","tlshash":"04b3f8d9b7c6716693a374b8907f010bf17a6d92f84ccc94e146c5c02eb8a9941bbf6c","size":112194,"data":"","first_seen":"2023-06-10T15:07:45Z","last_seen":"2026-05-28T10:17:40.242793Z","times_seen":121,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/analytics.js","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"fda30e8a22c9bcd954fd8d0fadd0e77c","sha1":"ae47cd34cbde081a48d7f92fc80aaf06a1381193","sha256":"b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719","sha512":"bf551c26ecbdbca8d8be0bc05aede18db415318a8143226e03311e235b7d8d497d6e08d73417926c878d253ad38f0dfc11571df2700500d02e68596b903309ac","ssdeep":"768:KzaHsEBCwsN7sP5XqYakqCyPnHOlTjY3SoaeDV6KHmCgYUD0ZTXEwyVfZsc:GaME1r5havjHO9Y3SoR7UwyVj","tlshash":"cf331af9b7523456c3a271e4403f1007907aedd6f449d894b58ad6d06d38eab02fbf68","size":50230,"data":"","first_seen":"2023-03-08T05:22:31Z","last_seen":"2026-05-28T12:48:09.375395Z","times_seen":668,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/sandbox%20eval%20code","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"","is_inline":false,"md5":"92b651082ce234f66bb544e678befda3","sha1":"14c21c55ddce43b6f677caadf51d4ab98c6a3df8","sha256":"25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded","sha512":"b4fcbc037e0a3d91db2a624921e96b878e9e18dd998ad5649d77d7d053faf28b09c8725a0542aef702310bf85f3037b70985c274db8acabd021efb171d41f361","ssdeep":"","tlshash":"34c08ca3e74026ae2a1166b2b810e003a2866b015aa78402b00a003b1441fe21aaa1a8","size":147,"data":"","first_seen":"2023-04-11T21:07:53Z","last_seen":"2026-06-07T08:18:38.896325Z","times_seen":921522,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/framework.7425f7c0f2c0fa6b9f98.js","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"e1ff77e618abd1dda42076059844b3bd","sha1":"ef903e1a9fd286d99fd2c12321258d23632ddd12","sha256":"3b23efa8cbbe6cf291780e1677d4dde9d3e6f1394c1a188ece60c5726df76815","sha512":"2d9e979a9c70cba67a51c58efdbd22ba921559c87ff97e33b5e7b31bf3a572936d705ab49ec7804ee0f0e28e75e6e8dc4dffc36b2e35f5abf37a39b62c7d8da4","ssdeep":"1536:B4v3hV6X5JRGNeG4XFmkXdKwDSuSdDp7FktuGhR8XvCi0AHlk:SfhV6TZ1YwKt7gRwCi0AHlk","tlshash":"7bc3f8d93992f5626bf311b7109f1813733d161b280c4960a212fddeb5bd05ea12bf9e","size":129218,"data":"","first_seen":"2023-03-08T19:36:35Z","last_seen":"2026-05-28T12:48:09.3141Z","times_seen":640,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"beacon-v2.helpscout.net/","fqdn":"beacon-v2.helpscout.net","domain":"helpscout.net","tld":"net"},"ip":{"addr":"3.167.2.34","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"fd54c2f8bbaaaba0544fced99f9de3e3","sha1":"874c9ffd34a19ab9675b9477102bc10e2c844575","sha256":"2bef7ba01c0d1ecc6461c9034779eed098d990a69d8624d76f6d37c8ee44568e","sha512":"c84f63c5c26f4e42ab9b9e181cee54089888f914db8c1c2889dabe625491a5b0c23e69f746cdd940d44ed4242d3a8b94b8fcb987751ac6781c604d0c03395e9b","ssdeep":"","tlshash":"f8e0c05e3c45d43517f70cb2536bc82da2614a504021d202e4ca8cb5f86cdda4c7e7ad","size":372,"data":"","first_seen":"2026-01-15T13:45:52.48452Z","last_seen":"2026-01-19T14:56:30.948207Z","times_seen":20,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hm.baidu.com/hm.js?f4b3788b2247dd149fb7fdffe8aece79","fqdn":"hm.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"14.215.182.140","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"fc0b2685df683737f38e4fbfb3dbcc58","sha1":"2bfc8d0675059bc9f2f170e2f33a57163f9dfb53","sha256":"29a747de13cb2d13bd85548e53297b772a41c1caa03b8e792afedf3775e6d919","sha512":"64bf747e61235e9b0e6c357a08b34ed1a9d3a9dc7642081244832be20512bbcc7c7a299daff09e1e5dcbffa5c9cf19b6b469da12b47a0f08df1f99976be4a77a","ssdeep":"384:AQJSoLMJJTRl6s1JXFVCFI/TayvuodsZPIGm8XaR1JRwvutq1tGdc7M04gRw6:b4VJfHgMdvussZPIx82Rwvutcto07v","tlshash":"3dd2c9e9b282713293a324a5153f324af07b5a54bd4968a4f11994c07d38fbb027bfdd","size":29950,"data":"","first_seen":"2026-01-18T23:39:01.802678Z","last_seen":"2026-01-18T23:39:01.802678Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"beacon-v2.helpscout.net/static/js/vendor.0c72b11a.js","fqdn":"beacon-v2.helpscout.net","domain":"helpscout.net","tld":"net"},"ip":{"addr":"3.167.2.34","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"7be16d9ed5dc8181531357bd0e9f4070","sha1":"ecc2c65a6c3db7948fbff8321a8d7a7d5cb5fd0c","sha256":"0fe0adf6f2a4ea84ddd49a4dd137ec2098a33946427ffa65bfabdbb4f990107b","sha512":"6a662151afb07214ca56077536a407e29e31c28289579b89fb50e3bed5dc38331776569dcc6e16e1536b628028e87916e5e624d6ef4ed7f1ca4e9aaac4096c1e","ssdeep":"768:N77zTT43DLhgmBGQOyMuCX5eLWk+Z0meb9fruMLuPNjOHtNeIviK9+sZkKtBREOe:Nrn8ZgaxkLeFNXwrrilTB9vaNm5ahb","tlshash":"1f63f9e975d1f06153ea20f5407f150bf33a592a784d80e0b224ecea6cb454e96a7fbc","size":69544,"data":"","first_seen":"2025-09-18T07:35:52.046276Z","last_seen":"2026-05-21T11:26:26.239851Z","times_seen":1119,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"beacon-v2.helpscout.net/static/js/main.e5eb1960.js","fqdn":"beacon-v2.helpscout.net","domain":"helpscout.net","tld":"net"},"ip":{"addr":"3.167.2.34","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"b6ccbe85849e918ef7120386eceb826a","sha1":"4217398f945a7596c4aad4328aba98071a408998","sha256":"32c4f774281be8dc8eea89d891b4745040d1a25e1ecd173dd589fad80e2e845e","sha512":"87dbb0781b16d44ccd89ad65c1bf8c5efd2ae4c87ee30d9fc515509a37c2e9547715f8f77b8f234c6fcb80b4a8e7e3e34d7f91d40b88702190d044ed4c8924cb","ssdeep":"768:sAwOGkUUnTxnWmjUju069uBAnRjCVaM8c3RaHNf3ZXpMAhcZ7xR/dfS:7TDNB1kn/E","tlshash":"66e24ccc35d2b0ed2243eae9177f55d9ab3e3520783a6480facda0da676258cc153f58","size":32141,"data":"","first_seen":"2026-01-15T13:45:52.74338Z","last_seen":"2026-01-19T14:56:30.957303Z","times_seen":20,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google-analytics.com/gtm/js?id=GTM-MNBPZXP\u0026cid=1275638301.1768779516","fqdn":"www.google-analytics.com","domain":"google-analytics.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"f24128d0c9cba7be2916c693427a3483","sha1":"1b6397d496ea896ebc2018b01b995cee4f166029","sha256":"58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8","sha512":"c4950733b44e258bbc817ce6396f002caec1e11a6413fd0038c9baef2d5f1d992b1fd0ec52515aba52faedb52c28b996a7fc063f28a0f45f3aab5e2f91bf5be5","ssdeep":"96:A1VdZYqhPnjpWx4/eTe8qSMbqaQd6VL2Jyt9LdJoyayCVPVD5wdBfQPfCHiUr3:AXdZYqNjpU4yPqSMbqaQGL2QfdDayCZC","tlshash":"a6a1dc9939fb50210233b1bd1bafa918b23895236208dd61b98c9364bf94437d7f1fc9","size":4691,"data":"","first_seen":"2023-04-11T21:07:53Z","last_seen":"2026-06-07T08:18:38.899011Z","times_seen":919823,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/webpack-d7b2fb72fb7257504a38.js","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"8c19f623e8389f11131a054a7e17ff95","sha1":"d99fc5df50dc64e49c7fab8fed11709c88577303","sha256":"26a81f9748a42eeb15a43c5cc3c1a7b7582e4d9f0ab3cd5be477f87096eed840","sha512":"d866bd8f171d0ea219b0a4763c6e02c3135a90f9d310ec4f328b7aa58743f86917183c56c5abac075b519c064b2fab80161a085674390464fdd6c3da92126c79","ssdeep":"","tlshash":"f63153d536a4fcac53831d5d083f7006f2291d75117cf5c19384e8b2bc6488e9166ebb","size":1539,"data":"","first_seen":"2023-03-07T12:26:26Z","last_seen":"2026-06-03T12:12:39.72719Z","times_seen":1102,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/main-6d7666d16eba6ca8fdb6.js","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"a8f9553df6baeb2e171cdce89eacb733","sha1":"7775797964e2843b09e693a4b87c52deb73cc97c","sha256":"95e58ec729e30195e6d0901842974cef1bb188ec466e8f6235d8af58bee6089d","sha512":"629ab21f9f09e3a6e88c09f49b4ae9db73a1b6341674f83bc9472199bcc3dc4f33800f21cac2e9090dab2ef3ec244b125adaae75692691bd3e0c169467b644c0","ssdeep":"768:1BI73xDd9ogDxodOrcHwtgmlxDUmzihILT/zl+BbQMGnHc03QV1e1yrelBARfl:sjxDdycxodOCwtVyEiy/zl+F2n11le","tlshash":"141393cdf2d6f06247937174802f520af33b6959744e8498e666e8d2bc7984e9133fb8","size":45131,"data":"","first_seen":"2023-03-13T01:47:10Z","last_seen":"2026-05-28T10:17:40.255151Z","times_seen":151,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/484c840239a025432effd6ecc373d498fa764368.34ac5b45e5ac1c3a47cb.js","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"0c2aa78fd53424b531b23019b0a41401","sha1":"df5c37ac3c5e3fc2bc9dcbdea265d83cc4a37ead","sha256":"4274c6c7974b1bfcbe1d03791149eb32934d159bc4d6bcc5174c0d02c46aabb3","sha512":"3f28ee55e9891bfda9cd9a09cb4b7f65c75e8c2da48b6677dd22d78edc3db83057305d6c5e880fbf474cf085aa8341a660fb19670471c069b143d5cd681ee874","ssdeep":"1536:pbjtAYCvF9OWnpxoxYDquqy/D0hc75IZq1CyUWT:cIDMT","tlshash":"c653c7a871d1f4b552e350a6402f150af3762d6c842db880f3b1c8f4be7a65e5627f3a","size":65280,"data":"","first_seen":"2023-03-08T19:36:36Z","last_seen":"2026-05-28T12:48:09.318554Z","times_seen":630,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/1641eb77b9112ff2fb25bddeb2768b5acdab245a.ddfbf19e7603a37d6806.js","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"552c5063233ad54261536138d4a076d0","sha1":"778af6c5426f94f06f28719e903c23abb05f3e02","sha256":"c4c517002a5b45885d582009e1d856936665f91680a2c7a349d48e7cb2a870b7","sha512":"81b92d4ee837cc4129bef3358c736602c08fea9dadade778185bc3c0453ee765127d08d466f72c893463f7c00a964ecc0ed1038e8e8067800ef6d7bc3ba4eb54","ssdeep":"384:cpu7leVQSR561fTQJOPGCM3YQeEtuH/FOYLgXKuWVqzBpr0AkVxeHqO20ziZQnb:cpuSH58TPVkeWs/ngL90AkOYZQnb","tlshash":"cdc2936b470e66531c0c3fab8ada6e4ad008e0e65a439edaf19d5eecd1ef71c054126c","size":26119,"data":"","first_seen":"2023-03-13T01:47:10Z","last_seen":"2026-05-28T12:48:09.364965Z","times_seen":594,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/sandbox%20eval%20code","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"","is_inline":false,"md5":"92b651082ce234f66bb544e678befda3","sha1":"14c21c55ddce43b6f677caadf51d4ab98c6a3df8","sha256":"25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded","sha512":"b4fcbc037e0a3d91db2a624921e96b878e9e18dd998ad5649d77d7d053faf28b09c8725a0542aef702310bf85f3037b70985c274db8acabd021efb171d41f361","ssdeep":"","tlshash":"34c08ca3e74026ae2a1166b2b810e003a2866b015aa78402b00a003b1441fe21aaa1a8","size":147,"data":"","first_seen":"2023-04-11T21:07:53Z","last_seen":"2026-06-07T08:18:38.896325Z","times_seen":921522,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google-analytics.com/analytics.js","fqdn":"www.google-analytics.com","domain":"google-analytics.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"f24128d0c9cba7be2916c693427a3483","sha1":"1b6397d496ea896ebc2018b01b995cee4f166029","sha256":"58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8","sha512":"c4950733b44e258bbc817ce6396f002caec1e11a6413fd0038c9baef2d5f1d992b1fd0ec52515aba52faedb52c28b996a7fc063f28a0f45f3aab5e2f91bf5be5","ssdeep":"96:A1VdZYqhPnjpWx4/eTe8qSMbqaQd6VL2Jyt9LdJoyayCVPVD5wdBfQPfCHiUr3:AXdZYqNjpU4yPqSMbqaQGL2QfdDayCZC","tlshash":"a6a1dc9939fb50210233b1bd1bafa918b23895236208dd61b98c9364bf94437d7f1fc9","size":4691,"data":"","first_seen":"2023-04-11T21:07:53Z","last_seen":"2026-06-07T08:18:38.899011Z","times_seen":919823,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/ab7bdd0af29a081632cc65532d6eb4eb4926a6c8.0d9e96011bfadc9b0a01.js","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"7e066e22a6a2c3b69b1b3455c3d70577","sha1":"c5af39dc067ef26e437c1651b2ce36816789bdc3","sha256":"6134bcb96ea349a385a92afeda300484da848307c1fbea537b5e50af1586ab56","sha512":"50756a52954db9c9a4aa5980e68e5179574b69c701975e071202326ff2bba01eb1fd749bbbad1f4b886d766ed9f3b9a7a37b42165e2c70e730d4bb473cc07525","ssdeep":"768:HlfughpxJXPUZPtcehxUhT7SR9/FD28NTbJXLSHPtcehxUGfCxUl3UtCe:1dpxJXPktVO7SvB1bJXLctVUM3g","tlshash":"ea03b4d8b2d3f06547d22274802f2106f27a5959a44ec485f72aecd2bc7494fa137fb9","size":38748,"data":"","first_seen":"2023-03-13T01:47:10Z","last_seen":"2026-05-28T12:48:09.338761Z","times_seen":587,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/index-a40c48ec0cbed9e08b85.js","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"298ff14c5cfafb6d3f43954bee2c3dbd","sha1":"396391c95a0b940cf39c663ec8eeeedf6fabad59","sha256":"b576f595d220e54478b3789457228cff1f7e01c3bb2db2a5bf1e980dc2aac862","sha512":"0ed1d22fe284f8e303ab7d85d831b833f2ef747dbce6adac1718696d3492e7e8f72367dd18000c842a0da7e0ba21d78f15c5c8969bdc0fe17090252c4f21f0a5","ssdeep":"1536:dJwztBWJwztBNJwztBKTZUrJ4mtBrGAA4tJHUe2:dJwTWJwTNJwT2ZUrJ4yaAptVH2","tlshash":"a443b6c8b1d6f069439326a0901f210af23b1a5df55dc484e725d8e2bcb895ea237f7d","size":55487,"data":"","first_seen":"2023-03-13T01:47:10Z","last_seen":"2026-05-28T12:48:09.37402Z","times_seen":335,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"33099ecfebbbabbddaf4323123b64bc1","sha1":"121c63b39b9c2f287bb3eb829797b6b887fe9a28","sha256":"db41a7c8161c07e2b5b8254b6fb89a0b53b131a1d8b149d2b0093d55c3cdfd2b","sha512":"588f536b5f7548f0e7b0ab04c1510833c92c75ffb1e41e8bc27d3a30196e5cee9eb1016ae85d95b0bb9b60f2c9e44242a657566b77a15be1b78c77104c5ce16a","ssdeep":"","tlshash":"9dd097ce31cf40a91acb3ed26401300c70260e2125536e50080268c33c4bc370002a5e","size":250,"data":"","first_seen":"2026-01-18T23:39:01.89275Z","last_seen":"2026-01-18T23:39:01.89275Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/_ssgManifest.js","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"abee47769bf307639ace4945f9cfd4ff","sha1":"c0a0dc51ee8a2852baf5ff30c33b1478ff302585","sha256":"653f3e53e89b4f8548ff86c19e92bb3c6b84b6be7485a320b1e00893ed877479","sha512":"2b074799106698df69a28fcd8255c3cfd1ccf40fd4c1bf5d463c42e63b32856f801e066706fbd960a0da4ebe645c070c398dcf01bd722dc4fa592266361ae81a","ssdeep":"","tlshash":"d4a001a0903cdc60aa63dd1c126013168fa05062651d28938afd2054c0341410300d50","size":76,"data":"","first_seen":"2023-03-07T01:03:45Z","last_seen":"2026-06-07T22:24:38.497895Z","times_seen":14515,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/29107295.6d4b8f5c00e5492aea21.js","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"4d8225dc49f0ef650c322d2a4964177e","sha1":"8704bb7a8a5cd075068c6d79e7d4b6c9aa08645c","sha256":"03babc01567b1d9af291b4de0a070ef189685c333c948136a31aa08e7ed51a5a","sha512":"5dc846622a7be3961ea31724b6ad89aec34a0f9935b8ac89e5dbc15b70ae4255956e0fa4ad412dcaf1edc0ee025572ef596cfddaa0e6bc3f448fc79942d72078","ssdeep":"1536:xhdVA1ObQbCbmExG502EoIWYwICTJSIHg:z7/mE8502EPWYwICT/A","tlshash":"b3734ec83ec2f016576760b1007f048bf13eaeb269ad9554d0a1e4ec7cb851ee6b7e18","size":73852,"data":"","first_seen":"2023-03-13T01:47:10Z","last_seen":"2026-05-30T17:26:05.161019Z","times_seen":800,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/0b502bd7632b779787e7571ed7da626349d4848b.bcbcabb596ea5f14546a.js","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"0da05f58edf00873953ebc06e6cd1755","sha1":"a042f03639f28b54b5bc951c51cbf04e3747ae72","sha256":"4d47d02b1e8d21b51027610ebfddab9e222080afdf360be835562fe04a82b3af","sha512":"64e2a25d1ea795832006b7f6243fcd7162f759037a3752cad2bde67fdcd1d175bd9fa7e6656ea444ef8cf510e854a4947c233c4477d4aaf61748000f7ed03de3","ssdeep":"6144:baT0tvZVCrDbUPqH6My3/HBRwpmWJMxzt5YumoF:bpTVOaqH6MyvBRwDCdt5YumoF","tlshash":"9f7418dc7291f06243e722b5406f250af37a596ca89ed850f772c8e5acb459e4233f2d","size":355553,"data":"","first_seen":"2023-03-13T01:47:10Z","last_seen":"2026-05-28T12:48:09.353262Z","times_seen":583,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/aec7d165.44f76719e6d61e47cc91.js","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"7ae8c235677481585bdf3d6b434f5c06","sha1":"1ede66c8886607919af97eacc115579f755c8106","sha256":"8e35b1351f4e3fc99764db106847e307dead4715f743a146b35cc18e3e7c8a13","sha512":"ba17e902c911df2c11497a3caa3a0190f5dc17e9e533ea4fb2954f93f49378b107ce073f12baa084816c275856064448968ff0c2e279eef4c22a533422bb667a","ssdeep":"3072:rOPs5At4sA10x5rTzcck1I2cbwHYS8cbRmMrye3LgbxKGyJHgJxmjwKeYHAXAOhe:rOHjUHYeHJw9XZG3XqDUFmkMtEFcA","tlshash":"c6b46628c51482bc9dba5ba88d325075a65e91ff71e14325e36eccb073610dcf7aacc9","size":494383,"data":"","first_seen":"2023-03-13T01:47:10Z","last_seen":"2026-05-28T12:48:09.309285Z","times_seen":598,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/vendor.06c7227b.js","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"ad9f8be6695a153eb3732284469e6e18","sha1":"716209eb3f660fe907290cffeedeb121bcd5626d","sha256":"50bf3385e888eee5e31a92d71c9a194b3bdfb62760b9cc069b962ef9d3b5646f","sha512":"ff1a1c065028ae1457558a91e5c598827f7fd209d5783883ccf1f351de8a9ba3e894e17594fe627af9b7fd3caf5f202c05519cbdfec3e1aa3fe82d3c1cc616cb","ssdeep":"768:wIS1BQh9ezA08FRnPcFCbKm+Qm8eGA0JKMXTOU06egqANa25Kr2wkjMWoxSjmndv:DskFFu6KLANa2or2wgocCD4/FXnmUE","tlshash":"7a53e7d871e0f0a117e7b0b5407f190bf37a692d684d94a0f2a1e8e5bdb451d9223f6c","size":64482,"data":"","first_seen":"2023-03-07T13:52:25Z","last_seen":"2026-05-28T10:17:40.180758Z","times_seen":138,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/saved_resource","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"62e9474d784e737788876f172f2f9131","sha1":"9c17199bf9545d26dfbb9bb0d613346768304d7e","sha256":"45a4183bd58ab1b2b37f85e2efff8a67789c5a483ef1558cf7e7d333375cd43a","sha512":"d92444fc990a69a0d662b341ae71c20b7021caa60a7a69e575732bc4f03c3341f6fdb82264eaf6c1553f246014b98908c61ee4c93703b36d8ecc78ace93fb05e","ssdeep":"","tlshash":"c7f0dc5978d1903203a328eea2aacf0c506265a0b00a8202d09648a41078cf60e6fe9c","size":458,"data":"","first_seen":"2023-03-10T12:59:33Z","last_seen":"2026-05-28T10:17:40.252636Z","times_seen":128,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/help-zh.js","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"b67459d4e03dfbda11d5cb2da06ddcf7","sha1":"e88f5fe605ab4aedd0607acac2d414deff7bb8b2","sha256":"bc85f81edd105cf3bca6ccd726558553f1d931158598bef160fcddd0e47eabb0","sha512":"0ed85f30c2f21583657e4709f4b880250828cff4c68ad2be71a1aed49b365cb79c050a2dee11d1d85061d4ad258ad54e798313c2178b2226453a681a2c250cae","ssdeep":"","tlshash":"c401d0f9b5177414437391e5a3bfeb4c7a976305aa4948c1d58bccc0703cc5b410b949","size":768,"data":"","first_seen":"2023-04-09T05:09:01Z","last_seen":"2026-05-28T12:48:09.376026Z","times_seen":579,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/analysis.js","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"1c8e8c36dbbb921bfa3c76a5f189ff74","sha1":"927c5a8c9ee4ac1e0624b023db736f25b0260dcf","sha256":"ee935d04b7047e10e5ab56550d96e1f837a60a1263a55bcbc2a0bb0deda70ffc","sha512":"fe16e6ea03dfaf7c93befb2a12490e42ac9e638248840a1533f1934d04636117a807076d122cfb21b124a487cc021828a6232b191e97d53731fea1d504a7c245","ssdeep":"","tlshash":"291100cf355915387e975beb33b3971c7023690a3925ea128aaf8894502aee6103b1cd","size":935,"data":"","first_seen":"2023-03-13T04:18:54Z","last_seen":"2026-05-28T12:48:09.319299Z","times_seen":365,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/hm.js","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"d6cc0e3702334f8572319bbd42468935","sha1":"b048a41fdaaae4103517a31e89f554d4b1e8fb6e","sha256":"30a7ef5500dd74b7f7c85f8755d738037f07d17302f0e50769178cdc54106878","sha512":"fc62a8c12c4f4715885ced007f2c936851b0b027ed5489f2b685af6aff095a1cd26a3fbde8cbbc9ce6d27b7afcf4e260d0d31e2f525a273402bf5d4605288336","ssdeep":"384:gC9CxA/odjlRKhm2/8oyUpNHRDWlnrgvRvj5rPJzR7l24PtuMHMogmM7q8hjSqJv:gbbXUpNHFWtrgfrJ3PtuMsogmMDnv","tlshash":"25d2caa9b1867136d6f320a5153f320af0bb5a50fd4958a4e11998c07d38fbb017bfad","size":30500,"data":"","first_seen":"2023-06-10T15:07:45Z","last_seen":"2026-05-28T10:17:40.258167Z","times_seen":123,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/a86f4b7efd9de9fd67c117702f5646c6a1b3c61d.fef06ab6fb43411cda49.js","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"9c8c7825994e08851a086391e4c87fe4","sha1":"bd94c847928af5298e7a0ccf6354979c5d56eab6","sha256":"656bc3b2ed785360eccfe3f73f6ee6bec4c0bb751dc8583e6e8d17f8f59d4fe7","sha512":"9cbb66ec7a0532fd25ad13d67b1ab2a9d03c442a3df6617cdb800c4ec8572d213f94340b43ac54adfd66b77e7420e6ed7bfa52f9338c8e3c6abae7b23fd20b64","ssdeep":"3072:SGuJJSDo/65PrI50/eEFUR1vBPeL6KJKvHZXcbKeu/7xZ8BIUBELP5/KU1mkzlA3:Qk/exc4xuEd/1YrxpIF0Z","tlshash":"0554839fa7310ab609fa41cd8dd92bfed8d20a1101d5d47bc2fa1a863b0457ee633e15","size":299972,"data":"","first_seen":"2023-03-13T01:47:10Z","last_seen":"2026-05-28T12:48:09.315941Z","times_seen":584,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"1c5c9160600df2d96d69a4ea16cec7ed","sha1":"3cf678c9135cc952ba6970ef545035bb757a443f","sha256":"a3520fe88e248d2b6c9c6db93309a037ef969fe297208e5bd7e49a55bb32c808","sha512":"2a298a8c2552c6a6c6f8d3f7327d2e9abfa87a0dbb27e9e528a8539b416155c0860f54f46464dfe7e5d49c7906a9eacdac7e5181b86ef15a83276a8f4fee0546","ssdeep":"","tlshash":"078004d531c35040475331d400571cd4503444f014444d544040d4511c55030d1154dc","size":37,"data":"","first_seen":"2023-04-11T21:49:14Z","last_seen":"2026-06-07T08:13:41.750256Z","times_seen":121588,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"1c5c9160600df2d96d69a4ea16cec7ed","sha1":"3cf678c9135cc952ba6970ef545035bb757a443f","sha256":"a3520fe88e248d2b6c9c6db93309a037ef969fe297208e5bd7e49a55bb32c808","sha512":"2a298a8c2552c6a6c6f8d3f7327d2e9abfa87a0dbb27e9e528a8539b416155c0860f54f46464dfe7e5d49c7906a9eacdac7e5181b86ef15a83276a8f4fee0546","ssdeep":"","tlshash":"078004d531c35040475331d400571cd4503444f014444d544040d4511c55030d1154dc","size":37,"data":"","first_seen":"2023-04-11T21:49:14Z","last_seen":"2026-06-07T08:13:41.750256Z","times_seen":121588,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/common.js","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"f82ea3f9225dd45fec3eebd6e63c954c","sha1":"2d6886dbbb8be31c4b2e4da073ce5230a6bfeb2a","sha256":"59e2227be4a47a7fb1d43287da5e2df66f60a6dd98e606b7ec6995c46a14126a","sha512":"0d22f8b10915b50abc1e4ea28be4765384afa8f08fd08b1a87af2072ed2933b311d5da5fc1176c6cfdaa4a3895084d7093e6c1838ead3e709cf93917d43cdec1","ssdeep":"","tlshash":"f451118e72c9b5b766eb1dbd11af379c793a118bd80c8011647ac8d95a701858033eef","size":2743,"data":"","first_seen":"2023-03-13T01:47:10Z","last_seen":"2026-05-28T12:48:09.308363Z","times_seen":792,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/main.851b6206.js","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"6d74e8d0144ef7f3eb8be4276aba6760","sha1":"8ed657c1c16c4e272500586907e46aaa1e0cdbff","sha256":"c98b2560e54fa69988c54700e8618226b2ce814459e4a24f50eca15892fb32cd","sha512":"58e0ebad3184490ea81dad2a3d8d67315122208e5be58396e19d81a2317c3df34115b5fcfffb778c0f9c45543a02e6525cbeb71a9c60850dc29882be105f846d","ssdeep":"768:kXrMmOecvo5LWe8pVMpm9tW8O1QiP9wZDSpThAl4kdde9/:29wZupTYJG/","tlshash":"27b229d939d270ed1143dfe51abf0a89a72e3830b4266494b7ccd4da6b3298dd143f19","size":25070,"data":"","first_seen":"2023-03-10T12:59:33Z","last_seen":"2026-05-28T10:17:40.182229Z","times_seen":128,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/_app-26afb46c84ae5083d2c8.js","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"3636ec28433fa1cf50647d0850f3f3fc","sha1":"895a287647cd5edc53d9b6f758be3381e31513ac","sha256":"b0dcd8fdc5b3ad0c817bb96054580e449a63f415c952d2abf96038c0951595e1","sha512":"06fe82dc2b75c7cb646262dc7dfd5d083300a1704c1c5a33f9a331afba0f32b096759000829deb0e29d9a809207cc11e65afa1e80c92d19b5d5a9f0da328e039","ssdeep":"96:V7jR75sA7jqf2wR/xJ6RUQfq0MSIsg/lADCpl1MylkO6q4ZwPDP7I4zqMBZ55qZx:Rd7N1IZN0MQalkCplObqlbHz95NQ3op+","tlshash":"6ff1a48971a1f08127f695f2403f510eb3f2696da49dd0806766c4f89efa95e4323f1c","size":7944,"data":"","first_seen":"2023-03-13T01:47:10Z","last_seen":"2026-05-28T12:48:09.321817Z","times_seen":576,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/scrollreveal.min.js","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"126cb7c432914f6c726ff146110dcb75","sha1":"e5358bdb7769288dc7c2dc10508e98387e85b6e2","sha256":"fd08659fe0f20fd14dcf4c3c5acdde64de96028174f59b0b3dc776b62be789b9","sha512":"005fd83d6e18b49ad8bc8e46c853e03eb34808c7913aa6df836e6f57a4f41a1256c901b78697c85e6001ddc6c5870dc46f1f3cb500fe74fe69f9ddddc980e4ae","ssdeep":"192:zjBEC60RtRcCT+Ytnvm1uvb/E3aQ6ZvxrTZ6fNrb:zNE312Ntnvm1MbEIZvZTZ6fNrb","tlshash":"cd12d68f3e1274339b5349d5e2df064f773849da2a0b9484b2b4d0bab8b101d6243f6d","size":9095,"data":"","first_seen":"2023-03-07T01:07:32Z","last_seen":"2026-06-08T03:42:31.604178Z","times_seen":1547,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/scrollreveal.min.js","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.781Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/scrollreveal.min.js HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:34 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63631b18-2387\"\r\nexpires: Mon, 19 Jan 2026 11:38:34 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":9095,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (9095), with no line terminators","md5":"126cb7c432914f6c726ff146110dcb75","sha1":"e5358bdb7769288dc7c2dc10508e98387e85b6e2","sha256":"fd08659fe0f20fd14dcf4c3c5acdde64de96028174f59b0b3dc776b62be789b9","sha512":"005fd83d6e18b49ad8bc8e46c853e03eb34808c7913aa6df836e6f57a4f41a1256c901b78697c85e6001ddc6c5870dc46f1f3cb500fe74fe69f9ddddc980e4ae","ssdeep":"192:zjBEC60RtRcCT+Ytnvm1uvb/E3aQ6ZvxrTZ6fNrb:zNE312Ntnvm1MbEIZvZTZ6fNrb","tlshash":"cd12d68f3e1274339b5349d5e2df064f773849da2a0b9484b2b4d0bab8b101d6243f6d","first_seen":"2023-03-07T01:07:32Z","last_seen":"2026-06-08T03:42:31.604178Z","times_seen":1547,"resource_available":true,"data":null}},"time_used":952,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":952,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/js","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.755Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/js HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:34 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 112194\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\netag: \"63631b18-1b642\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":112194,"size_decoded":0,"mime_type":"application/octet-stream","magic":"JavaScript source, ASCII text, with very long lines (1343)","md5":"2f0762afea7c93e3c7221a1824862708","sha1":"6f8f203938463a542e64b1880b28f964b3694744","sha256":"a52aefb96505514bb02815d352fe8570ee462d7fa533fe471f6b671b8129a6a1","sha512":"9732b106b8d94458f18668739831bce8b8fb5da4f755211f15b6c2b927e227821d272a151d0af3148b323a102d53421a3685303e57318b470aacda9ce72d86fc","ssdeep":"1536:J8WzTvM2zlB90lcHxLKfdp8WYl5hTAlvuRGhLZ0a9NlvBHhSjAyeuMS7xkbSS0Y7:J8W3vFB900s8b5aWRGsa9TvBHGDyQu","tlshash":"04b3f8d9b7c6716693a374b8907f010bf17a6d92f84ccc94e146c5c02eb8a9941bbf6c","first_seen":"2023-06-10T15:07:45Z","last_seen":"2026-05-28T10:17:40.242793Z","times_seen":121,"resource_available":true,"data":null}},"time_used":870,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":354,"receive":516,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/twitter.svg","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.871Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/twitter.svg HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:35 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 599\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\netag: \"63631b18-257\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":599,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"9dbc7890b4c52dff09e7203babc8369a","sha1":"3da674aa07c53f903cbc779b97f571f9c561f9e0","sha256":"c3d38f32d68b9dc80f5c549c9cdacc274539b890ea894fccad065d4808e23bfe","sha512":"b63f78778bcaab70433ea07ade2f2a1be2213198bd7d9fa1ed8cae7c89ad62407b6d1f9c42b4d2c505718b5713617be25e497f0dec0d5cdaa7b60a5cae2374ab","ssdeep":"","tlshash":"3cf0e1594a9e2ad4861fdfda9637117a701b78f11bb5c2ce81a0b65164a4cfd4c1cd20","first_seen":"2023-05-10T10:24:22Z","last_seen":"2026-06-08T02:40:01.029215Z","times_seen":1155,"resource_available":false,"data":null}},"time_used":1541,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1140,"receive":401,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"beacon-v2.helpscout.net/static/js/vendor.06c7227b.js","fqdn":"beacon-v2.helpscout.net","domain":"helpscout.net","tld":"net"},"ip":{"addr":"3.167.2.34","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:35.771Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.helpscout.net","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M03","organization":"Amazon"},"validity":{"start":"Thu, 06 Mar 2025 00:00:00 GMT","end":"Fri, 03 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"13:DB:4C:AE:C2:EF:23:C5:95:76:77:E7:70:21:28:E3:46:E4:F2:1E","sha256":"95:AE:AF:20:4C:C0:EA:E7:FF:CA:03:0F:C4:66:5D:C6:D6:64:20:9E:28:52:44:DB:EB:C1:E2:48:D0:A1:93:CD"}}},"request":{"raw":"GET /static/js/vendor.06c7227b.js HTTP/1.1\r\nHost: beacon-v2.helpscout.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ncontent-length: 22285\r\nlast-modified: Tue, 08 Nov 2022 08:50:44 GMT\r\ncontent-encoding: gzip\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sun, 18 Jan 2026 23:38:35 GMT\r\ncache-control: max-age=315360000, s-maxage=7200, public\r\netag: \"3f4a5cbde86a1c38d64756f63411e950\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 e6220bd7bee9300eb5b87a282645e6ec.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: ZO12z3QUrP_X3-HgOSrohAEyt92XvSKE8RcoWM9d6pfK3U57Kw1NeA==\r\nage: 2846\r\nx-xss-protection: 1; mode=block\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000\r\nvary: accept-encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":64482,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (64482), with no line terminators","md5":"ad9f8be6695a153eb3732284469e6e18","sha1":"716209eb3f660fe907290cffeedeb121bcd5626d","sha256":"50bf3385e888eee5e31a92d71c9a194b3bdfb62760b9cc069b962ef9d3b5646f","sha512":"ff1a1c065028ae1457558a91e5c598827f7fd209d5783883ccf1f351de8a9ba3e894e17594fe627af9b7fd3caf5f202c05519cbdfec3e1aa3fe82d3c1cc616cb","ssdeep":"768:wIS1BQh9ezA08FRnPcFCbKm+Qm8eGA0JKMXTOU06egqANa25Kr2wkjMWoxSjmndv:DskFFu6KLANa2or2wgocCD4/FXnmUE","tlshash":"7a53e7d871e0f0a117e7b0b5407f190bf37a692d684d94a0f2a1e8e5bdb451d9223f6c","first_seen":"2023-03-07T13:52:25Z","last_seen":"2026-05-28T10:17:40.180758Z","times_seen":138,"resource_available":true,"data":null}},"time_used":147,"timings":{"blocked":40,"dns":22,"connect":1,"send":0,"wait":65,"receive":1,"ssl":14},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/vendor.06c7227b.js","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.759Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/vendor.06c7227b.js HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:34 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63631b18-fbe2\"\r\nexpires: Mon, 19 Jan 2026 11:38:34 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":64482,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (64482), with no line terminators","md5":"ad9f8be6695a153eb3732284469e6e18","sha1":"716209eb3f660fe907290cffeedeb121bcd5626d","sha256":"50bf3385e888eee5e31a92d71c9a194b3bdfb62760b9cc069b962ef9d3b5646f","sha512":"ff1a1c065028ae1457558a91e5c598827f7fd209d5783883ccf1f351de8a9ba3e894e17594fe627af9b7fd3caf5f202c05519cbdfec3e1aa3fe82d3c1cc616cb","ssdeep":"768:wIS1BQh9ezA08FRnPcFCbKm+Qm8eGA0JKMXTOU06egqANa25Kr2wkjMWoxSjmndv:DskFFu6KLANa2or2wgocCD4/FXnmUE","tlshash":"7a53e7d871e0f0a117e7b0b5407f190bf37a692d684d94a0f2a1e8e5bdb451d9223f6c","first_seen":"2023-03-07T13:52:25Z","last_seen":"2026-05-28T10:17:40.180758Z","times_seen":138,"resource_available":true,"data":null}},"time_used":911,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":911,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/saved_resource","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.768Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/saved_resource HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:34 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 458\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\netag: \"63631b18-1ca\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":458,"size_decoded":0,"mime_type":"application/octet-stream","magic":"ASCII text, with very long lines (458), with no line terminators","md5":"62e9474d784e737788876f172f2f9131","sha1":"9c17199bf9545d26dfbb9bb0d613346768304d7e","sha256":"45a4183bd58ab1b2b37f85e2efff8a67789c5a483ef1558cf7e7d333375cd43a","sha512":"d92444fc990a69a0d662b341ae71c20b7021caa60a7a69e575732bc4f03c3341f6fdb82264eaf6c1553f246014b98908c61ee4c93703b36d8ecc78ace93fb05e","ssdeep":"","tlshash":"c7f0dc5978d1903203a328eea2aacf0c506265a0b00a8202d09648a41078cf60e6fe9c","first_seen":"2023-03-10T12:59:33Z","last_seen":"2026-05-28T10:17:40.252636Z","times_seen":128,"resource_available":true,"data":null}},"time_used":1036,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":955,"receive":81,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/0b502bd7632b779787e7571ed7da626349d4848b.bcbcabb596ea5f14546a.js","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.814Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/0b502bd7632b779787e7571ed7da626349d4848b.bcbcabb596ea5f14546a.js HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:35 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63631b18-56ce1\"\r\nexpires: Mon, 19 Jan 2026 11:38:35 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":355553,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"0da05f58edf00873953ebc06e6cd1755","sha1":"a042f03639f28b54b5bc951c51cbf04e3747ae72","sha256":"4d47d02b1e8d21b51027610ebfddab9e222080afdf360be835562fe04a82b3af","sha512":"64e2a25d1ea795832006b7f6243fcd7162f759037a3752cad2bde67fdcd1d175bd9fa7e6656ea444ef8cf510e854a4947c233c4477d4aaf61748000f7ed03de3","ssdeep":"6144:baT0tvZVCrDbUPqH6My3/HBRwpmWJMxzt5YumoF:bpTVOaqH6MyvBRwDCdt5YumoF","tlshash":"9f7418dc7291f06243e722b5406f250af37a596ca89ed850f772c8e5acb459e4233f2d","first_seen":"2023-03-13T01:47:10Z","last_seen":"2026-05-28T12:48:09.353262Z","times_seen":583,"resource_available":true,"data":null}},"time_used":1171,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1171,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/484c840239a025432effd6ecc373d498fa764368.34ac5b45e5ac1c3a47cb.js","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.818Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/484c840239a025432effd6ecc373d498fa764368.34ac5b45e5ac1c3a47cb.js HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:35 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63631b18-ff00\"\r\nexpires: Mon, 19 Jan 2026 11:38:35 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":65280,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65280), with no line terminators","md5":"0c2aa78fd53424b531b23019b0a41401","sha1":"df5c37ac3c5e3fc2bc9dcbdea265d83cc4a37ead","sha256":"4274c6c7974b1bfcbe1d03791149eb32934d159bc4d6bcc5174c0d02c46aabb3","sha512":"3f28ee55e9891bfda9cd9a09cb4b7f65c75e8c2da48b6677dd22d78edc3db83057305d6c5e880fbf474cf085aa8341a660fb19670471c069b143d5cd681ee874","ssdeep":"1536:pbjtAYCvF9OWnpxoxYDquqy/D0hc75IZq1CyUWT:cIDMT","tlshash":"c653c7a871d1f4b552e350a6402f150af3762d6c842db880f3b1c8f4be7a65e5627f3a","first_seen":"2023-03-08T19:36:36Z","last_seen":"2026-05-28T12:48:09.318554Z","times_seen":630,"resource_available":true,"data":null}},"time_used":1169,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1169,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/partner-consensys.svg","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.856Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/partner-consensys.svg HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:35 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63631b18-c180\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":49536,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"e6c8c3635e46cc20c06379fb68fa638c","sha1":"8b1ecdf3c884347449e8eb40802a78e8d8c8e258","sha256":"7d39b719ac59dba8e899accd2c2cdcbcc4cfccdb8ac7a05f74d8c866373034d4","sha512":"9306f5982803f40f8981f5685d2087d53b955961d7fdc3760047e9fbfa96bbb128137aa9787a3cab9d0118d3104d07b206dc539cd86a657c150d7eb4703b2031","ssdeep":"768:rG7JFv8hva55P71WPJ9WsUAKFhTw7bAvk2goGW0AUK7dfj9sae7:rS8izPIPM3wPAvktoGdy7e7","tlshash":"b72351d0377686e8b845b2fdcb3ea5e238226cdd35018999d3b02c19ac8167d4d9ced7","first_seen":"2023-05-10T10:24:22Z","last_seen":"2026-06-08T02:40:01.032637Z","times_seen":1574,"resource_available":false,"data":null}},"time_used":1155,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1155,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/partner-0x.svg","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.860Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/partner-0x.svg HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:35 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63631b18-17b5\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6069,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"026ba44434197fa5b70c533a470b8dd1","sha1":"11777cffdac270653201a7a4cd8f37c97513c520","sha256":"6bb97144580980397314ef35072a2a590718d7b1f0c9221affdb2a9dd3c81b0e","sha512":"1fe4c35c27696d7b8abba300b24da27cc5a6ccb4f1910a6627ff2b7df0f8b0809ce3b14191acabea579be9a10efa109f5154916aea809d10e3f52f614d8b8363","ssdeep":"96:tyivLBLNnuG/q9SWPZ1tzSnWmqhG3q1H+p5eUkankRhl3zG9D6a:tyi+G/uv9+nWmqa2+DfkjRhl69D6a","tlshash":"9fc196dc2b748df8b84167fadb2a04ea3147e4fb20824730c3a4ad09795546dcd99ee3","first_seen":"2023-05-10T10:24:22Z","last_seen":"2026-06-04T13:55:02.215239Z","times_seen":852,"resource_available":false,"data":null}},"time_used":1153,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1153,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/webpack-d7b2fb72fb7257504a38.js","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.803Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/webpack-d7b2fb72fb7257504a38.js HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:35 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63631b18-603\"\r\nexpires: Mon, 19 Jan 2026 11:38:35 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1539,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1539), with no line terminators","md5":"8c19f623e8389f11131a054a7e17ff95","sha1":"d99fc5df50dc64e49c7fab8fed11709c88577303","sha256":"26a81f9748a42eeb15a43c5cc3c1a7b7582e4d9f0ab3cd5be477f87096eed840","sha512":"d866bd8f171d0ea219b0a4763c6e02c3135a90f9d310ec4f328b7aa58743f86917183c56c5abac075b519c064b2fab80161a085674390464fdd6c3da92126c79","ssdeep":"","tlshash":"f63153d536a4fcac53831d5d083f7006f2291d75117cf5c19384e8b2bc6488e9166ebb","first_seen":"2023-03-07T12:26:26Z","last_seen":"2026-06-03T12:12:39.72719Z","times_seen":1102,"resource_available":true,"data":null}},"time_used":1161,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1161,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/29107295.6d4b8f5c00e5492aea21.js","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.813Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/29107295.6d4b8f5c00e5492aea21.js HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:35 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63631b18-1207c\"\r\nexpires: Mon, 19 Jan 2026 11:38:35 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":73852,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"4d8225dc49f0ef650c322d2a4964177e","sha1":"8704bb7a8a5cd075068c6d79e7d4b6c9aa08645c","sha256":"03babc01567b1d9af291b4de0a070ef189685c333c948136a31aa08e7ed51a5a","sha512":"5dc846622a7be3961ea31724b6ad89aec34a0f9935b8ac89e5dbc15b70ae4255956e0fa4ad412dcaf1edc0ee025572ef596cfddaa0e6bc3f448fc79942d72078","ssdeep":"1536:xhdVA1ObQbCbmExG502EoIWYwICTJSIHg:z7/mE8502EPWYwICT/A","tlshash":"b3734ec83ec2f016576760b1007f048bf13eaeb269ad9554d0a1e4ec7cb851ee6b7e18","first_seen":"2023-03-13T01:47:10Z","last_seen":"2026-05-30T17:26:05.161019Z","times_seen":800,"resource_available":true,"data":null}},"time_used":1173,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1173,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/partner-polkdot.svg","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.850Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/partner-polkdot.svg HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:35 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63631b18-36c6\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":14022,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"43cf963b81e048636c39d1e514ce1184","sha1":"2e604e4e2086cc0c0189d911af4fe4c70694acbc","sha256":"0b486f91fee9220388fa9f7e8a8869105aff8a197582ded63b1078d4001c092e","sha512":"1855c21bbc25300760913bbf689aa6675f2ce99ee5585e6ee305956e75d8aacb2e664867e3de79015ddcfd838ff46242a05fcba648432d1b85142efa1cc0878c","ssdeep":"384:85KRkKZJj+AjA6Tam5cKqez2c/9s57HWqwBjk:85m/ZzTaLtg67zwk","tlshash":"b05283cc2bb587fcf886f0ff9b1110a5784698ff79818a75c3685d08788251c9e45da7","first_seen":"2023-05-10T10:24:22Z","last_seen":"2026-06-04T13:55:02.227413Z","times_seen":1516,"resource_available":false,"data":null}},"time_used":1160,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1160,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/partner-eea.svg","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.854Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/partner-eea.svg HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:35 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63631b18-2371\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9073,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"53bcfb318f9f0c4154d8e1e62f82b913","sha1":"4a20547c48deae59d13aaee8c20d753f8f1a20df","sha256":"077082d9d65c580cd7ba9d07c6ec91c0938c046d423ae2033acb87408d1b5f1d","sha512":"ecf7fca017c109d84ac5aa21034f2c82f61a17301631b5bff1cffbde0402eb431599ad34e22aca9c2d600d4e0dde6c139c9486fec512b73174b093ae1a00780c","ssdeep":"192:AxgiKqOb40EhtFepr7T6Uuu+YoPl2Xwa3zbI2+8EzJLoH1Mq:agiu4Dhtcp3GPlubHKLoVMq","tlshash":"f912e7d817f581e4fd85e3feea29b099750694ffaa84c744c3e86e19384122c5d4eec2","first_seen":"2023-05-10T10:24:22Z","last_seen":"2026-06-04T13:55:02.174218Z","times_seen":1128,"resource_available":false,"data":null}},"time_used":1157,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1157,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"hm.baidu.com/hm.js?f4b3788b2247dd149fb7fdffe8aece79","fqdn":"hm.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"14.215.182.140","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:35.807Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"baidu.com","organization":"Beijing Baidu Netcom Science Technology Co., Ltd"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 09 Jul 2025 07:01:02 GMT","end":"Mon, 10 Aug 2026 07:01:01 GMT"},"fingerprint":{"sha1":"21:BF:66:0D:67:BE:7A:7F:49:48:05:30:F4:7F:09:F2:30:36:CA:63","sha256":"0D:82:2C:9A:90:5A:EF:E9:8F:37:12:C0:E0:26:30:EE:95:33:2C:45:5F:E7:74:5D:F0:8D:BC:79:F4:B0:A1:49"}}},"request":{"raw":"GET /hm.js?f4b3788b2247dd149fb7fdffe8aece79 HTTP/1.1\r\nHost: hm.baidu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nCache-Control: max-age=0, must-revalidate\r\nContent-Encoding: gzip\r\nContent-Length: 11344\r\nContent-Type: application/javascript\r\nDate: Sun, 18 Jan 2026 23:38:36 GMT\r\nEtag: f13b486e9af8bab931046327521b27fb\r\nP3p: CP=\"CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\"\r\nServer: apache\r\nSet-Cookie: HMACCOUNT=D45344C45051386D; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT\r\nStrict-Transport-Security: max-age=172800\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":29950,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (674)","md5":"fc0b2685df683737f38e4fbfb3dbcc58","sha1":"2bfc8d0675059bc9f2f170e2f33a57163f9dfb53","sha256":"29a747de13cb2d13bd85548e53297b772a41c1caa03b8e792afedf3775e6d919","sha512":"64bf747e61235e9b0e6c357a08b34ed1a9d3a9dc7642081244832be20512bbcc7c7a299daff09e1e5dcbffa5c9cf19b6b469da12b47a0f08df1f99976be4a77a","ssdeep":"384:AQJSoLMJJTRl6s1JXFVCFI/TayvuodsZPIGm8XaR1JRwvutq1tGdc7M04gRw6:b4VJfHgMdvussZPIx82Rwvutcto07v","tlshash":"3dd2c9e9b282713293a324a5153f324af07b5a54bd4968a4f11994c07d38fbb027bfdd","first_seen":"2026-01-18T23:39:01.802678Z","last_seen":"2026-01-18T23:39:01.802678Z","times_seen":1,"resource_available":true,"data":null}},"time_used":1597,"timings":{"blocked":759,"dns":0,"connect":0,"send":0,"wait":320,"receive":1,"ssl":517},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/analytics.js","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.771Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/analytics.js HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:34 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63631b18-c436\"\r\nexpires: Mon, 19 Jan 2026 11:38:34 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":50230,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1325)","md5":"fda30e8a22c9bcd954fd8d0fadd0e77c","sha1":"ae47cd34cbde081a48d7f92fc80aaf06a1381193","sha256":"b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719","sha512":"bf551c26ecbdbca8d8be0bc05aede18db415318a8143226e03311e235b7d8d497d6e08d73417926c878d253ad38f0dfc11571df2700500d02e68596b903309ac","ssdeep":"768:KzaHsEBCwsN7sP5XqYakqCyPnHOlTjY3SoaeDV6KHmCgYUD0ZTXEwyVfZsc:GaME1r5havjHO9Y3SoR7UwyVj","tlshash":"cf331af9b7523456c3a271e4403f1007907aedd6f449d894b58ad6d06d38eab02fbf68","first_seen":"2023-03-08T05:22:31Z","last_seen":"2026-05-28T12:48:09.375395Z","times_seen":668,"resource_available":true,"data":null}},"time_used":954,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":954,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/hm.js","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.773Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/hm.js HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:34 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63631b18-7724\"\r\nexpires: Mon, 19 Jan 2026 11:38:34 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":30500,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (732)","md5":"d6cc0e3702334f8572319bbd42468935","sha1":"b048a41fdaaae4103517a31e89f554d4b1e8fb6e","sha256":"30a7ef5500dd74b7f7c85f8755d738037f07d17302f0e50769178cdc54106878","sha512":"fc62a8c12c4f4715885ced007f2c936851b0b027ed5489f2b685af6aff095a1cd26a3fbde8cbbc9ce6d27b7afcf4e260d0d31e2f525a273402bf5d4605288336","ssdeep":"384:gC9CxA/odjlRKhm2/8oyUpNHRDWlnrgvRvj5rPJzR7l24PtuMHMogmM7q8hjSqJv:gbbXUpNHFWtrgfrJ3PtuMsogmMDnv","tlshash":"25d2caa9b1867136d6f320a5153f320af0bb5a50fd4958a4e11998c07d38fbb017bfad","first_seen":"2023-06-10T15:07:45Z","last_seen":"2026-05-28T10:17:40.258167Z","times_seen":123,"resource_available":true,"data":null}},"time_used":953,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":953,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/index-a40c48ec0cbed9e08b85.js","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.823Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/index-a40c48ec0cbed9e08b85.js HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:35 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63631b18-d8bf\"\r\nexpires: Mon, 19 Jan 2026 11:38:35 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":55487,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (55487), with no line terminators","md5":"298ff14c5cfafb6d3f43954bee2c3dbd","sha1":"396391c95a0b940cf39c663ec8eeeedf6fabad59","sha256":"b576f595d220e54478b3789457228cff1f7e01c3bb2db2a5bf1e980dc2aac862","sha512":"0ed1d22fe284f8e303ab7d85d831b833f2ef747dbce6adac1718696d3492e7e8f72367dd18000c842a0da7e0ba21d78f15c5c8969bdc0fe17090252c4f21f0a5","ssdeep":"1536:dJwztBWJwztBNJwztBKTZUrJ4mtBrGAA4tJHUe2:dJwTWJwTNJwT2ZUrJ4yaAptVH2","tlshash":"a443b6c8b1d6f069439326a0901f210af23b1a5df55dc484e725d8e2bcb895ea237f7d","first_seen":"2023-03-13T01:47:10Z","last_seen":"2026-05-28T12:48:09.37402Z","times_seen":335,"resource_available":true,"data":null}},"time_used":1167,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1167,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/0b502bd7632b779787e7571ed7da626349d4848b_CSS.bca366718f045dbe8189.js","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.816Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/0b502bd7632b779787e7571ed7da626349d4848b_CSS.bca366718f045dbe8189.js HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:35 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 69\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\netag: \"63631b18-45\"\r\nexpires: Mon, 19 Jan 2026 11:38:35 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":69,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with no line terminators","md5":"7c1e88c4a68db82bfb3cbc3f81ac70c6","sha1":"bacb2b2c74b3260235a5d5e950c5daec5fffbd6b","sha256":"4c3a0d03a71141a5f6bbf5510a2c2f23566d1c9e292be0fe36e36a5fd7ae74eb","sha512":"f0ddef8ea25da2cb5eaf5a53b0ef8e9730260ec47f03839167da0fd8850838d6e9d9c3a6315a07233fd03aabf44395bf7a7b1f0440199bd89e17f6485c7b1113","ssdeep":"","tlshash":"0aa002671011bcdaa8fc06482363a7b03848000c1f05ccf85b159071b071d1fa9e01c7","first_seen":"2023-03-08T03:48:15Z","last_seen":"2026-05-28T12:48:09.350052Z","times_seen":640,"resource_available":true,"data":null}},"time_used":1424,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1170,"receive":254,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/defi.svg","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.843Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/defi.svg HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:35 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 226\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\netag: \"63631b18-e2\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":226,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"85b27006079fe2579b83455280b9b58d","sha1":"a24e9b63e44b08169a2a51fc19124f9354b43e37","sha256":"9ba6aa1b832755ce9bff3bff696c26c9a5276249b0e942b32c95cd24b04dd0d4","sha512":"e9f202d5e4b1108591406d015907b30facd6a9b5f18343546dc7fe6e95e388fd1dc4a94e7a7818851e50508d6df5e35ff702f4cb5c3c90e9dd16ccbe11a87959","ssdeep":"","tlshash":"99d023bc755c8d068450c048622f757b61de10d5c34402a1f0c01e057654df734013e8","first_seen":"2023-05-10T10:24:22Z","last_seen":"2026-06-04T13:55:02.191998Z","times_seen":957,"resource_available":false,"data":null}},"time_used":1538,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1162,"receive":376,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/partner-kyber.svg","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.861Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/partner-kyber.svg HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:35 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63631b18-4e9b\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":20123,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"82d655ff6e0984bcaae63d7dc6463334","sha1":"0e6f39fda428ceb9fae5b481a5d73e76d6ba4666","sha256":"a05a43286060318dc0f2ae93cad913310c81dfa99ea6711d35346ba0e576ef31","sha512":"382d4359ac3d5afcf598a57da57fa64d010495647f337334fd95be0f77d2ac0bcdc34a9e82438b14f1d8e2803d20e3a3e493bd6494ae86e10ac04e49431c04ac","ssdeep":"384:ejwOemsMOO6Vb8py5UPT+KKazMGvaCvu5nb6AOY9i:ejwOeLMqb8pmy+VVkLen9Owi","tlshash":"f192c4dd27754af8f84af2fed72310da341668ee65808f25c3b86d09398286c5d49cd7","first_seen":"2023-05-10T10:24:22Z","last_seen":"2026-06-04T13:55:02.21596Z","times_seen":1211,"resource_available":false,"data":null}},"time_used":1153,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1153,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/discord.svg","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.877Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/discord.svg HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:35 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63631b18-540\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1344,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"4843ef32f5106881cea9a4da691223cc","sha1":"6f806744b2e9dc22ac05491301d663c7cd01f219","sha256":"76e374e9e73d1f9fc28f6d5c31bd17fe07819599a35cb431f16cadba6b71e612","sha512":"2ccede4eb3bb08d01d1875f8462ecf2b7a232e656c17668e1d4672d45a1aa97bbfc452b671258e0b86d12f66dc1f17f3da9bc856d5a56e92a3cb85f711f3d66d","ssdeep":"","tlshash":"6521c1f283e460e464479f85e4358913f51a34fab75e4a484780ebc17b25017984eca0","first_seen":"2023-05-10T10:24:22Z","last_seen":"2026-06-08T02:40:01.031581Z","times_seen":1074,"resource_available":false,"data":null}},"time_used":1133,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1133,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/a?id=GTM-MNBPZXP\u0026cv=5\u0026t=ol\u0026g=7\u0026p=ga\u0026l=0\u0026d=-423\u0026c=56\u0026hc=0\u0026sr=0.050000\u0026ps=0.008793136295540571\u0026cb=1975257579","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"172.217.19.232","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:37.036Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Tue, 09 Dec 2025 17:08:49 GMT","end":"Tue, 03 Mar 2026 17:08:48 GMT"},"fingerprint":{"sha1":"70:99:EB:7E:36:F3:5D:44:AF:03:0A:9C:2D:A0:5C:8C:AC:4C:A2:FE","sha256":"03:A4:44:57:D2:2E:70:9C:3B:54:B3:2C:77:CA:EF:E7:05:21:C8:E9:8E:61:6C:BB:7C:D0:43:3C:42:75:EC:06"}}},"request":{"raw":"GET /a?id=GTM-MNBPZXP\u0026cv=5\u0026t=ol\u0026g=7\u0026p=ga\u0026l=0\u0026d=-423\u0026c=56\u0026hc=0\u0026sr=0.050000\u0026ps=0.008793136295540571\u0026cb=1975257579 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 18 Jan 2026 23:38:37 GMT\r\ncontent-type: text/html\r\nserver: Google Tag Manager\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T04:34:22.099329Z","times_seen":16229809,"resource_available":true,"data":null}},"time_used":204,"timings":{"blocked":84,"dns":1,"connect":20,"send":0,"wait":31,"receive":0,"ssl":63},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/0b502bd7632b779787e7571ed7da626349d4848b_CSS.b97c0dd0.chunk.css","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.789Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/0b502bd7632b779787e7571ed7da626349d4848b_CSS.b97c0dd0.chunk.css HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:35 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63631b18-3a81c\"\r\nexpires: Mon, 19 Jan 2026 11:38:35 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":239644,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"aaf80d6ccff93c1d0b146af2a494c961","sha1":"ca59012e21b1cc85afaa7309797ac8922ccc4304","sha256":"2716d3320d4373beda8ea9b00f93b7859595d356f86e03b798c504f75441cf9b","sha512":"a59093d45b90b35b2c2776963c635cedb8a0b43a8c07b8809a624deb0c096b359fc89b06babd7cef4ec40a60257a4f9a2486b9211afb77fa33c0be7db1c092bd","ssdeep":"1536:gBzfkfXfkfuf+fyf+f80vjEGWGTOR9COXo+1sHz:0fkfXfkfuf+fyf+fxvYLXCOX+","tlshash":"3f34b8d165d1312cba6fc727b6e49889a7204523d36f9dfea131329dcf85287229370e","first_seen":"2023-04-09T05:09:01Z","last_seen":"2026-05-28T10:17:40.198752Z","times_seen":311,"resource_available":false,"data":null}},"time_used":1083,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1083,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/styles.2224a2cf.chunk.css","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.797Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/styles.2224a2cf.chunk.css HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:35 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63631b18-38b4\"\r\nexpires: Mon, 19 Jan 2026 11:38:35 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14516,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (14516), with no line terminators","md5":"faaf5afd32b289c34bc0e1e9f2d43db8","sha1":"b8e7f8ff0c107f28903e70ec103412afbf8e4d0e","sha256":"cf23c1a08436aa9ca2cbfdae42eb4979caa56f972b0c80caafe466a64956d6c8","sha512":"6c449ff46e30ac65425b2925474a28467c0c87d8e7c7edbf7c790849958d8042f4594aa111713e1b862bf238ab4c1bec695254a75e2e163695bde58a350970a6","ssdeep":"192://xXQzuBhtSu/Zjj9gsb89ZXMGvppByqP5+:7bZyW0NMGvpryqQ","tlshash":"b55212195234322c61e39335aac87d49f5358912837f45bde4e2b31edff84630ea6b89","first_seen":"2023-04-09T05:09:01Z","last_seen":"2026-05-28T12:48:09.360595Z","times_seen":589,"resource_available":false,"data":null}},"time_used":1137,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1137,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/484c840239a025432effd6ecc373d498fa764368_CSS.955cd01b185e91c5e5fc.js","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.820Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/484c840239a025432effd6ecc373d498fa764368_CSS.955cd01b185e91c5e5fc.js HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:35 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 70\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\netag: \"63631b18-46\"\r\nexpires: Mon, 19 Jan 2026 11:38:35 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":70,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with no line terminators","md5":"092922c847857276e09f07690ba228b6","sha1":"58af57d706abde6c2cfc903e3159f31c56ab92a4","sha256":"6883cd41cde71a856edc40ec217867277c437fe4c2434a6f78fdc341a3f3de5f","sha512":"dab7e7847977063ef0ff2311e5fe5f37d9121eb180cfe77f54a00255789ad9259982cf83e5ab14ebdfb3fa2dd2c927f521bc17e1ee127fd26bea7d79c1a4d480","ssdeep":"","tlshash":"22a002a71001bcdab8fc46882363a7b43848000c1f05ccf81b199071b071d1fa9a41c7","first_seen":"2023-03-08T04:14:16Z","last_seen":"2026-05-28T12:48:09.377589Z","times_seen":656,"resource_available":true,"data":null}},"time_used":1433,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1168,"receive":265,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"beacon-v2.helpscout.net/","fqdn":"beacon-v2.helpscout.net","domain":"helpscout.net","tld":"net"},"ip":{"addr":"3.167.2.34","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:37.028Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.helpscout.net","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M03","organization":"Amazon"},"validity":{"start":"Thu, 06 Mar 2025 00:00:00 GMT","end":"Fri, 03 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"13:DB:4C:AE:C2:EF:23:C5:95:76:77:E7:70:21:28:E3:46:E4:F2:1E","sha256":"95:AE:AF:20:4C:C0:EA:E7:FF:CA:03:0F:C4:66:5D:C6:D6:64:20:9E:28:52:44:DB:EB:C1:E2:48:D0:A1:93:CD"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: beacon-v2.helpscout.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ncontent-length: 286\r\nlast-modified: Thu, 15 Jan 2026 13:34:34 GMT\r\nx-amz-server-side-encryption: AES256\r\ncontent-encoding: gzip\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sun, 18 Jan 2026 23:36:49 GMT\r\ncache-control: max-age=120, s-maxage=120, public\r\netag: \"3a05709637699f03fae7ee5e58a666d9\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 e6220bd7bee9300eb5b87a282645e6ec.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: EjLKQKZN1cgebxV_2fnT7RdpPvxy3nTdrzqIc4l5EoD_fGYlV1_Ozg==\r\nage: 108\r\nx-xss-protection: 1; mode=block\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000\r\nvary: accept-encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":372,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (372), with no line terminators","md5":"fd54c2f8bbaaaba0544fced99f9de3e3","sha1":"874c9ffd34a19ab9675b9477102bc10e2c844575","sha256":"2bef7ba01c0d1ecc6461c9034779eed098d990a69d8624d76f6d37c8ee44568e","sha512":"c84f63c5c26f4e42ab9b9e181cee54089888f914db8c1c2889dabe625491a5b0c23e69f746cdd940d44ed4242d3a8b94b8fcb987751ac6781c604d0c03395e9b","ssdeep":"","tlshash":"f8e0c05e3c45d43517f70cb2536bc82da2614a504021d202e4ca8cb5f86cdda4c7e7ad","first_seen":"2026-01-15T13:45:52.48452Z","last_seen":"2026-01-19T14:56:30.948207Z","times_seen":20,"resource_available":true,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/alarm.svg","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.837Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/alarm.svg HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:35 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 533\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\netag: \"63631b18-215\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":533,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"b20df3089e50c545541d8ee900863574","sha1":"451b3f7e7fd362deed7642033c480082bcb0674a","sha256":"7c9ca78247b00b98096dc68fc15527fa07e332c5c87c7834e1511786a490af68","sha512":"40eb69a60fe3c221e70659a54d99e80089e6e8ea47994b7460dfb1ca0d03207570de0a7bb03ae32706a2e1c10a9fb791e8216a57bafe0c516f0f48eed0ea6a7f","ssdeep":"","tlshash":"bff05994538c9ebcb6224f24db1172b6207b31373b9d9258d863a43a216411d683f9fc","first_seen":"2023-05-07T16:57:14Z","last_seen":"2026-06-08T02:40:01.041237Z","times_seen":2062,"resource_available":false,"data":null}},"time_used":1515,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1166,"receive":349,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/app-example.png","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.868Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/app-example.png HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:35 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63631b18-3c0e\"\r\nexpires: Tue, 17 Feb 2026 23:38:35 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15374,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 720 x 316, 8-bit colormap, non-interlaced","md5":"50dc94f68ed13a76f5ecf3f44a3b4700","sha1":"79cd47a2e9b02e72884d23c10db40cb9fb5fe107","sha256":"6d879640fafe9b02ff62caac7fb998f7b8c23bae0a020124054a22dfaf433b55","sha512":"bc4ada07d1c5ea770502a381a26d0bc7271bc281dca164a64f20337b8016e17dc85f43077d1d22cce7724fa12ee2786767070647dbba6bbdca2e217d824eacfb","ssdeep":"384:UJjL1ruEppdXPNUaBtM7ZXbhnevcTPlf+sM+2Vq/XzxxBl:Ob1+SSY+2Vgrl","tlshash":"b262cffa68360dc7e0bda309ba0983d64624ec79912c60e9c155bb1b1cfcea7177c5e1","first_seen":"2023-05-10T10:24:22Z","last_seen":"2026-06-04T13:55:02.222515Z","times_seen":1106,"resource_available":false,"data":null}},"time_used":1144,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1144,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/subscribe.svg","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.881Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/subscribe.svg HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:35 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 576\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\netag: \"63631b18-240\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":576,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"78f86cd737a9a0fcbfc9f23b1478550f","sha1":"4b36dbf9b0d3e338565618d31c6f7aee0a073d85","sha256":"5f2206d50773ff3d50037d78573b8b661efb7acc84c1412427b6472f15ef578a","sha512":"5c414940624f563fd5675b7f880226889f83dc1ab5731f79e17e940fb3daaa6d5eb5b9462b5ab321c7a37e1000a15f610533abef32a5a3792982f7314af7a48d","ssdeep":"","tlshash":"c5f0215454ec444885184615c7d6fad5242fa1434315025cf35c655f3f344b75c6e3de","first_seen":"2023-05-07T16:57:14Z","last_seen":"2026-06-08T02:40:01.052036Z","times_seen":1134,"resource_available":false,"data":null}},"time_used":1527,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1126,"receive":401,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"beacon-v2.helpscout.net/static/js/main.e5eb1960.js","fqdn":"beacon-v2.helpscout.net","domain":"helpscout.net","tld":"net"},"ip":{"addr":"3.167.2.34","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:37.058Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.helpscout.net","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M03","organization":"Amazon"},"validity":{"start":"Thu, 06 Mar 2025 00:00:00 GMT","end":"Fri, 03 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"13:DB:4C:AE:C2:EF:23:C5:95:76:77:E7:70:21:28:E3:46:E4:F2:1E","sha256":"95:AE:AF:20:4C:C0:EA:E7:FF:CA:03:0F:C4:66:5D:C6:D6:64:20:9E:28:52:44:DB:EB:C1:E2:48:D0:A1:93:CD"}}},"request":{"raw":"GET /static/js/main.e5eb1960.js HTTP/1.1\r\nHost: beacon-v2.helpscout.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ncontent-length: 12454\r\nlast-modified: Thu, 15 Jan 2026 13:34:34 GMT\r\nx-amz-server-side-encryption: AES256\r\ncontent-encoding: gzip\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sun, 18 Jan 2026 23:22:36 GMT\r\ncache-control: max-age=315360000, s-maxage=7200, public\r\netag: \"c567d01f0da9ea7c1667cca4c70ca157\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 e6220bd7bee9300eb5b87a282645e6ec.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: hi1moVhfS6fgPAiMrvRl52NwfoJ-VnSR0JJ8v_BIQ8Wwaxmllc8umw==\r\nage: 964\r\nx-xss-protection: 1; mode=block\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000\r\nvary: accept-encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":32141,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32026)","md5":"b6ccbe85849e918ef7120386eceb826a","sha1":"4217398f945a7596c4aad4328aba98071a408998","sha256":"32c4f774281be8dc8eea89d891b4745040d1a25e1ecd173dd589fad80e2e845e","sha512":"87dbb0781b16d44ccd89ad65c1bf8c5efd2ae4c87ee30d9fc515509a37c2e9547715f8f77b8f234c6fcb80b4a8e7e3e34d7f91d40b88702190d044ed4c8924cb","ssdeep":"768:sAwOGkUUnTxnWmjUju069uBAnRjCVaM8c3RaHNf3ZXpMAhcZ7xR/dfS:7TDNB1kn/E","tlshash":"66e24ccc35d2b0ed2243eae9177f55d9ab3e3520783a6480facda0da676258cc153f58","first_seen":"2026-01-15T13:45:52.74338Z","last_seen":"2026-01-19T14:56:30.957303Z","times_seen":20,"resource_available":true,"data":null}},"time_used":3,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/common.js","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.788Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/common.js HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:35 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63631b18-ab7\"\r\nexpires: Mon, 19 Jan 2026 11:38:35 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2743,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"f82ea3f9225dd45fec3eebd6e63c954c","sha1":"2d6886dbbb8be31c4b2e4da073ce5230a6bfeb2a","sha256":"59e2227be4a47a7fb1d43287da5e2df66f60a6dd98e606b7ec6995c46a14126a","sha512":"0d22f8b10915b50abc1e4ea28be4765384afa8f08fd08b1a87af2072ed2933b311d5da5fc1176c6cfdaa4a3895084d7093e6c1838ead3e709cf93917d43cdec1","ssdeep":"","tlshash":"f451118e72c9b5b766eb1dbd11af379c793a118bd80c8011647ac8d95a701858033eef","first_seen":"2023-03-13T01:47:10Z","last_seen":"2026-05-28T12:48:09.308363Z","times_seen":792,"resource_available":true,"data":null}},"time_used":1054,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1054,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/help-zh.js","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.784Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/help-zh.js HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:34 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 768\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\netag: \"63631b18-300\"\r\nexpires: Mon, 19 Jan 2026 11:38:34 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":768,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (527)","md5":"b67459d4e03dfbda11d5cb2da06ddcf7","sha1":"e88f5fe605ab4aedd0607acac2d414deff7bb8b2","sha256":"bc85f81edd105cf3bca6ccd726558553f1d931158598bef160fcddd0e47eabb0","sha512":"0ed85f30c2f21583657e4709f4b880250828cff4c68ad2be71a1aed49b365cb79c050a2dee11d1d85061d4ad258ad54e798313c2178b2226453a681a2c250cae","ssdeep":"","tlshash":"c401d0f9b5177414437391e5a3bfeb4c7a976305aa4948c1d58bccc0703cc5b410b949","first_seen":"2023-04-09T05:09:01Z","last_seen":"2026-05-28T12:48:09.376026Z","times_seen":579,"resource_available":true,"data":null}},"time_used":1032,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":952,"receive":80,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/ab7bdd0af29a081632cc65532d6eb4eb4926a6c8.0d9e96011bfadc9b0a01.js","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.808Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/ab7bdd0af29a081632cc65532d6eb4eb4926a6c8.0d9e96011bfadc9b0a01.js HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:35 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63631b18-975c\"\r\nexpires: Mon, 19 Jan 2026 11:38:35 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":38748,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (38748), with no line terminators","md5":"7e066e22a6a2c3b69b1b3455c3d70577","sha1":"c5af39dc067ef26e437c1651b2ce36816789bdc3","sha256":"6134bcb96ea349a385a92afeda300484da848307c1fbea537b5e50af1586ab56","sha512":"50756a52954db9c9a4aa5980e68e5179574b69c701975e071202326ff2bba01eb1fd749bbbad1f4b886d766ed9f3b9a7a37b42165e2c70e730d4bb473cc07525","ssdeep":"768:HlfughpxJXPUZPtcehxUhT7SR9/FD28NTbJXLSHPtcehxUGfCxUl3UtCe:1dpxJXPktVO7SvB1bJXLctVUM3g","tlshash":"ea03b4d8b2d3f06547d22274802f2106f27a5959a44ec485f72aecd2bc7494fa137fb9","first_seen":"2023-03-13T01:47:10Z","last_seen":"2026-05-28T12:48:09.338761Z","times_seen":587,"resource_available":true,"data":null}},"time_used":1176,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1176,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/styles.e97b3b41101980a26299.js","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.821Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/styles.e97b3b41101980a26299.js HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:35 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 210\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\netag: \"63631b18-d2\"\r\nexpires: Mon, 19 Jan 2026 11:38:35 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":210,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with no line terminators","md5":"5fadc53624752d69fe87630a0252c536","sha1":"15917d2352f4b49ba38ae6e2391ebdbd714e2a48","sha256":"3762f85211f51a5df900d789b669902af8c6da147f333a2ae3f8e4d0df022945","sha512":"d79a8fc03f335b6006e379e4955f229b11cc1b423e7e2af1c3708836e3662827ab85d60a4111a1493d09446283822c33769d21bfe5344ea081b4053adc27b60f","ssdeep":"","tlshash":"e1d09e1828a03877a4e621e0225b31d81ca6121e36fcfc9407b0819a9b3168e145388d","first_seen":"2023-03-13T01:47:10Z","last_seen":"2026-05-28T12:48:09.309841Z","times_seen":585,"resource_available":true,"data":null}},"time_used":1433,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1168,"receive":265,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/wallet.svg","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.840Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/wallet.svg HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:35 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63631b18-2066\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8294,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"1581a25991859d82a1dfae12a425efa9","sha1":"abf3e2a10d2e26d36739f4072cab3dfd40a7355a","sha256":"8548cc89a0ef6ec00994aba63a8724dd19fd156e743205b8d593f28266bc3255","sha512":"491b5ba888e685c93bce4b373b5cb4e96a24626656a60e393ebfcadef92c8f4fa304199abbb67f8a5f19ef3e92729eea5305a9edbca0c46d16ec2976f3d2e60f","ssdeep":"192:KDSlNrVYV4RgswsLqYaFZhjALWddAzXV6dXl:hVV049qYrsGTVS","tlshash":"4a0241cc23185ce4ddd0c3f9ef29a1f4b123a5f9a954605c87106b2a3c649ae2c7b9c7","first_seen":"2023-05-10T10:24:22Z","last_seen":"2026-05-28T12:48:09.351452Z","times_seen":767,"resource_available":false,"data":null}},"time_used":1164,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1164,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/business.svg","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.866Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/business.svg HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:35 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 834\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\netag: \"63631b18-342\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":834,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"5edce84229c2295c6fc6b49a18afcda9","sha1":"8e93ee77317b040d252bea7e41da9a405d76642f","sha256":"f3752af7aab239ede54fdd4f23390750ad0d7719e2a60b63ab35166965b6b9c2","sha512":"5dbcccf0a1050cee5f3eb7347d1fa7d37e531856b9abbccee538ffa6ef787bbcd833e0c0105281b16bf877dfd14aa873f4056cc7c2587650d14b3e7865eea666","ssdeep":"","tlshash":"0601af65a34d193cb31393a4d6063770222a5c611716b21486722cb694f710dbabb9ea","first_seen":"2023-05-10T10:24:22Z","last_seen":"2026-06-08T02:40:01.051476Z","times_seen":1243,"resource_available":false,"data":null}},"time_used":1543,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1145,"receive":398,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/a86f4b7efd9de9fd67c117702f5646c6a1b3c61d.fef06ab6fb43411cda49.js","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.806Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/a86f4b7efd9de9fd67c117702f5646c6a1b3c61d.fef06ab6fb43411cda49.js HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:35 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63631b18-493c4\"\r\nexpires: Mon, 19 Jan 2026 11:38:35 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":299972,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"9c8c7825994e08851a086391e4c87fe4","sha1":"bd94c847928af5298e7a0ccf6354979c5d56eab6","sha256":"656bc3b2ed785360eccfe3f73f6ee6bec4c0bb751dc8583e6e8d17f8f59d4fe7","sha512":"9cbb66ec7a0532fd25ad13d67b1ab2a9d03c442a3df6617cdb800c4ec8572d213f94340b43ac54adfd66b77e7420e6ed7bfa52f9338c8e3c6abae7b23fd20b64","ssdeep":"3072:SGuJJSDo/65PrI50/eEFUR1vBPeL6KJKvHZXcbKeu/7xZ8BIUBELP5/KU1mkzlA3:Qk/exc4xuEd/1YrxpIF0Z","tlshash":"0554839fa7310ab609fa41cd8dd92bfed8d20a1101d5d47bc2fa1a863b0457ee633e15","first_seen":"2023-03-13T01:47:10Z","last_seen":"2026-05-28T12:48:09.315941Z","times_seen":584,"resource_available":true,"data":null}},"time_used":1177,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1177,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/feedback.svg","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.865Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/feedback.svg HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:35 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 881\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\netag: \"63631b18-371\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":881,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"58b754c0f9f2c13b0be845b7ada0602a","sha1":"765e62db886f66d31bbfff3c8f9616b93fd4418b","sha256":"d02703d5c4610bd9bb5ad07df5d714ade9d5dc84286f93adf6d95e1fdf8491d4","sha512":"4498c883e3f4f9f614cfd60084d44012f1c79f22c1b50cf2bf24513eb48571a23cad4dfa31381d7b7943f98c5f930f2ae90c5c12453bb9052271f1c13983ceda","ssdeep":"","tlshash":"5811ef59339c9edc77219b68d382b775326720e3270ee020d9712976ad1462d3d3b6ec","first_seen":"2023-05-10T10:24:22Z","last_seen":"2026-06-08T02:40:01.049332Z","times_seen":1242,"resource_available":false,"data":null}},"time_used":1544,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1148,"receive":396,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/down.svg","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.869Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/down.svg HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:35 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 273\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\netag: \"63631b18-111\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":273,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"d89956a0a8163e9112a1ff134e0192e9","sha1":"45c6ce6b806c0645ff9e9f4b66a68470a3df093f","sha256":"88acc67d467b208ae457f5bf642512bdc29a9363ce05ca58806351f506c80ffb","sha512":"3e731577a7e9bd543f1adedc9cae5ca33e0bffca35eaa02b431d51e2ca30c1b2647530c73d74cc4639d1fa0ac0cb1fe3df0cdb772fabd3540272be1754aaeebf","ssdeep":"","tlshash":"14d02bf2b008c448c5064131c7fc55de30a760c5304c00d5b272741af0589eb681079f","first_seen":"2023-05-10T10:24:22Z","last_seen":"2026-06-04T13:55:02.223216Z","times_seen":813,"resource_available":false,"data":null}},"time_used":1543,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1142,"receive":401,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/_next/static/chunks/pages/_error-4469b30c3e65b545fbfe.js","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:36.744Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /_next/static/chunks/pages/_error-4469b30c3e65b545fbfe.js HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nCookie: Hm_lvt_f4b3788b2247dd149fb7fdffe8aece79=1768779516; Hm_lpvt_f4b3788b2247dd149fb7fdffe8aece79=1768779516; _ga=GA1.2.1275638301.1768779516; _gid=GA1.2.1598784226.1768779516; _gat=1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:36 GMT\r\ncontent-type: text/html\r\ncontent-length: 138\r\netag: \"69303ae7-8a\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":138,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"7389d931c86b3d7bb6b8af46d8c4172b","sha1":"8d2a4760aa0b47984d11cd1a66448719177fb791","sha256":"301bd9f16f94feedfae7a946a14bac38cb73c43efe6117bc5586835af03d7d6f","sha512":"dd6d1511e4fcd5bc09d821ffe091fb5946ac9654c48664aed504e479e9ac20c1cad44b6df90f42190d47e28f5f96bfb09d24056df6b950243d68ee8100a9a889","ssdeep":"","tlshash":"d9c09b5d755366449913155167c33641d196837f689a84510941c593f0cf69ac4c73a9","first_seen":"2023-03-13T12:56:15Z","last_seen":"2026-06-08T04:38:51.920557Z","times_seen":279552,"resource_available":true,"data":null}},"time_used":249,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":249,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"token.im/img/favicon-16x16.png","fqdn":"token.im","domain":"token.im","tld":"im"},"ip":{"addr":"172.66.151.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:37.022Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.token.im","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Fri, 06 Jun 2025 00:00:00 GMT","end":"Mon, 08 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"CD:6A:97:52:4E:A8:46:CE:4F:1D:42:72:6D:C1:19:46:04:DD:E7:0E","sha256":"54:95:F0:AB:F3:83:AB:3A:88:D5:EA:82:AD:9E:2E:8B:05:68:CD:B5:B7:F3:38:F0:F9:18:27:39:5D:38:08:1C"}}},"request":{"raw":"GET /img/favicon-16x16.png HTTP/1.1\r\nHost: token.im\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 18 Jan 2026 23:38:37 GMT\r\ncontent-type: image/png\r\ncontent-length: 564\r\nlast-modified: Wed, 31 Dec 2025 07:05:53 GMT\r\ncache-control: max-age=31536\r\nx-frame-options: SAMEORIGIN\r\nx-from: gke-prod\r\nx-xss-protection: 1; mode=block\r\nx-geoip-city-country-code: NO\r\nx-geoip-city-country-name: Norway\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nvia: 1.1 google\r\naccept-ranges: bytes\r\ncf-cache-status: EXPIRED\r\nvary: accept-encoding\r\nserver: cloudflare\r\ncf-ray: 9c01ed4d8efe712a-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":564,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 17, 8-bit/color RGBA, non-interlaced","md5":"a9e72fde9756f0477fbdfce7b2725020","sha1":"cb8208cd7824a287db8d97e8750cd0b0c7b9704c","sha256":"d292c48434ad9c30f4220e220c5cb53f8221acdf0e93e59de5659f7b4e735af6","sha512":"507bfabd7f58d15d72b68a73565f019da129aa5f2d6e4ddd650dc41401bf844ac6ba402dfe020c5e60ba3174ab1c5a676149434a49d481d4b5798225c831e9b6","ssdeep":"","tlshash":"cdf096cae6286d7a2758900a69360770fc370b9344c151be01e43321f53ac316a8b8bc","first_seen":"2024-04-19T06:46:35Z","last_seen":"2026-05-30T17:26:05.188178Z","times_seen":814,"resource_available":false,"data":null}},"time_used":357,"timings":{"blocked":-1,"dns":6,"connect":1,"send":0,"wait":335,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"beacon-v2.helpscout.net/static/js/vendor.0c72b11a.js","fqdn":"beacon-v2.helpscout.net","domain":"helpscout.net","tld":"net"},"ip":{"addr":"3.167.2.34","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:37.057Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.helpscout.net","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M03","organization":"Amazon"},"validity":{"start":"Thu, 06 Mar 2025 00:00:00 GMT","end":"Fri, 03 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"13:DB:4C:AE:C2:EF:23:C5:95:76:77:E7:70:21:28:E3:46:E4:F2:1E","sha256":"95:AE:AF:20:4C:C0:EA:E7:FF:CA:03:0F:C4:66:5D:C6:D6:64:20:9E:28:52:44:DB:EB:C1:E2:48:D0:A1:93:CD"}}},"request":{"raw":"GET /static/js/vendor.0c72b11a.js HTTP/1.1\r\nHost: beacon-v2.helpscout.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ncontent-length: 24954\r\nlast-modified: Thu, 08 Jan 2026 16:29:00 GMT\r\nx-amz-server-side-encryption: AES256\r\ncontent-encoding: gzip\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sun, 18 Jan 2026 23:22:36 GMT\r\ncache-control: max-age=315360000, s-maxage=7200, public\r\netag: \"a7b8a45d85678ecbd3f6ef21bd952b87\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 e6220bd7bee9300eb5b87a282645e6ec.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: kcc2pGsU9uyBkfoGjsInaBHOm-p-zRwqBqVccshgx-diShDK1a_4Rw==\r\nage: 964\r\nx-xss-protection: 1; mode=block\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000\r\nvary: accept-encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":69544,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"7be16d9ed5dc8181531357bd0e9f4070","sha1":"ecc2c65a6c3db7948fbff8321a8d7a7d5cb5fd0c","sha256":"0fe0adf6f2a4ea84ddd49a4dd137ec2098a33946427ffa65bfabdbb4f990107b","sha512":"6a662151afb07214ca56077536a407e29e31c28289579b89fb50e3bed5dc38331776569dcc6e16e1536b628028e87916e5e624d6ef4ed7f1ca4e9aaac4096c1e","ssdeep":"768:N77zTT43DLhgmBGQOyMuCX5eLWk+Z0meb9fruMLuPNjOHtNeIviK9+sZkKtBREOe:Nrn8ZgaxkLeFNXwrrilTB9vaNm5ahb","tlshash":"1f63f9e975d1f06153ea20f5407f150bf33a592a784d80e0b224ecea6cb454e96a7fbc","first_seen":"2025-09-18T07:35:52.046276Z","last_seen":"2026-05-21T11:26:26.239851Z","times_seen":1119,"resource_available":true,"data":null}},"time_used":4,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":2,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/tokenfans.svg","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.864Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/tokenfans.svg HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:35 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63631b18-6dd\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1757,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"ccb9eab093240587905ab16659346d3e","sha1":"d4048ca15d5a35b99f83da664d1a85e2967fce7b","sha256":"2c081b94d2a381db87ba69c0eeec6fb5c5fc0779971e162e322157c2818f8446","sha512":"f12f4aba96a08d3ff4e3c78bb259bcafd55be0e0636f87097674fa2e34529496a4d7c97a732b4210bb19f2b0b5e82d8529b74881876c66565596406e59ad8167","ssdeep":"","tlshash":"58316544a3ece2c8a200a3f44b75ee70362f14a63515c05587996d59ac0151c2db98fe","first_seen":"2023-05-10T10:24:22Z","last_seen":"2026-05-30T17:26:05.196319Z","times_seen":905,"resource_available":false,"data":null}},"time_used":1149,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1149,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/aec7d165.44f76719e6d61e47cc91.js","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.811Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/aec7d165.44f76719e6d61e47cc91.js HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:35 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63631b18-78b2f\"\r\nexpires: Mon, 19 Jan 2026 11:38:35 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":494383,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"7ae8c235677481585bdf3d6b434f5c06","sha1":"1ede66c8886607919af97eacc115579f755c8106","sha256":"8e35b1351f4e3fc99764db106847e307dead4715f743a146b35cc18e3e7c8a13","sha512":"ba17e902c911df2c11497a3caa3a0190f5dc17e9e533ea4fb2954f93f49378b107ce073f12baa084816c275856064448968ff0c2e279eef4c22a533422bb667a","ssdeep":"3072:rOPs5At4sA10x5rTzcck1I2cbwHYS8cbRmMrye3LgbxKGyJHgJxmjwKeYHAXAOhe:rOHjUHYeHJw9XZG3XqDUFmkMtEFcA","tlshash":"c6b46628c51482bc9dba5ba88d325075a65e91ff71e14325e36eccb073610dcf7aacc9","first_seen":"2023-03-13T01:47:10Z","last_seen":"2026-05-28T12:48:09.309285Z","times_seen":598,"resource_available":true,"data":null}},"time_used":1174,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1174,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/partner-ethereum.svg","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.847Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/partner-ethereum.svg HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:35 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63631b18-25d0\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9680,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"bd8f57a32cd521ec6f4d6faf2932bfd8","sha1":"f31988b4e991a56351f6f833775f3fc277a3f0a1","sha256":"9e5ed3658d4df3fb2782c7714d3db670600b9b59572df69100a22ebcd18bb7fd","sha512":"53647d6f897cb39f2f6d05111ec3d63af410283235d9ec5196340f3931facf35a6b4c2cd14200ae999a8f55c1a9f89feeac689e588fb50f5e869665c13a28c2b","ssdeep":"192:oFyM0Jy+wEq+/E6YE07UOdihOahHBggiUNGIeyZLSSqKXF0:mCwEvc6YEgwhOjgUIeEMKXO","tlshash":"ca12b6dc6f3385fcb8c5a1fedb1554a835549cee780686a9d3782d046c42928dd0a8e3","first_seen":"2023-05-10T10:24:22Z","last_seen":"2026-06-08T02:40:01.03691Z","times_seen":1173,"resource_available":false,"data":null}},"time_used":1161,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1161,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/_ssgManifest.js","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.887Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/_ssgManifest.js HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:35 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 76\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\netag: \"63631b18-4c\"\r\nexpires: Mon, 19 Jan 2026 11:38:35 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":76,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with no line terminators","md5":"abee47769bf307639ace4945f9cfd4ff","sha1":"c0a0dc51ee8a2852baf5ff30c33b1478ff302585","sha256":"653f3e53e89b4f8548ff86c19e92bb3c6b84b6be7485a320b1e00893ed877479","sha512":"2b074799106698df69a28fcd8255c3cfd1ccf40fd4c1bf5d463c42e63b32856f801e066706fbd960a0da4ebe645c070c398dcf01bd722dc4fa592266361ae81a","ssdeep":"","tlshash":"d4a001a0903cdc60aa63dd1c126013168fa05062651d28938afd2054c0341410300d50","first_seen":"2023-03-07T01:03:45Z","last_seen":"2026-06-07T22:24:38.497895Z","times_seen":14515,"resource_available":true,"data":null}},"time_used":1459,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1115,"receive":344,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/swiper.min.css","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.751Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/swiper.min.css HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:34 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63631b18-4d3f\"\r\nexpires: Mon, 19 Jan 2026 11:38:34 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":19775,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (19513)","md5":"13e3477e9b99b8653e80def106e569e7","sha1":"34a50a5848aea3d3b6345a2a29fea97d0b48e8c4","sha256":"cbd3907ccf320bf09a971e16978df6d2293228febdbcffd158ce25011a6d68a1","sha512":"54776d5f9ef56af29d4deeef3884c7385bdc0419698694a6c63481b53e17fd4af3c8ba89d95284944b23778cf66810b0ec705e9b757e7c798da15e7957398bcf","ssdeep":"192:dWaNv/lSSyJWCh8zfi5o/mXDN3eBxwdJ5c:dWa1/lS0Cifi5o/mXOGJ5c","tlshash":"5592612c17003057e6334f1a87d99778c724c9939e4358ef6250ee48c7bb96a32af766","first_seen":"2023-04-06T20:39:57Z","last_seen":"2026-06-04T13:55:02.226046Z","times_seen":1661,"resource_available":false,"data":null}},"time_used":264,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":264,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/analysis.js","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.776Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/analysis.js HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:34 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 935\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\netag: \"63631b18-3a7\"\r\nexpires: Mon, 19 Jan 2026 11:38:34 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":935,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (696)","md5":"1c8e8c36dbbb921bfa3c76a5f189ff74","sha1":"927c5a8c9ee4ac1e0624b023db736f25b0260dcf","sha256":"ee935d04b7047e10e5ab56550d96e1f837a60a1263a55bcbc2a0bb0deda70ffc","sha512":"fe16e6ea03dfaf7c93befb2a12490e42ac9e638248840a1533f1934d04636117a807076d122cfb21b124a487cc021828a6232b191e97d53731fea1d504a7c245","ssdeep":"","tlshash":"291100cf355915387e975beb33b3971c7023690a3925ea128aaf8894502aee6103b1cd","first_seen":"2023-03-13T04:18:54Z","last_seen":"2026-05-28T12:48:09.319299Z","times_seen":365,"resource_available":true,"data":null}},"time_used":1056,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":953,"receive":103,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/main-6d7666d16eba6ca8fdb6.js","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.801Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/main-6d7666d16eba6ca8fdb6.js HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:35 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63631b18-b04b\"\r\nexpires: Mon, 19 Jan 2026 11:38:35 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":45131,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (45131), with no line terminators","md5":"a8f9553df6baeb2e171cdce89eacb733","sha1":"7775797964e2843b09e693a4b87c52deb73cc97c","sha256":"95e58ec729e30195e6d0901842974cef1bb188ec466e8f6235d8af58bee6089d","sha512":"629ab21f9f09e3a6e88c09f49b4ae9db73a1b6341674f83bc9472199bcc3dc4f33800f21cac2e9090dab2ef3ec244b125adaae75692691bd3e0c169467b644c0","ssdeep":"768:1BI73xDd9ogDxodOrcHwtgmlxDUmzihILT/zl+BbQMGnHc03QV1e1yrelBARfl:sjxDdycxodOCwtVyEiy/zl+F2n11le","tlshash":"141393cdf2d6f06247937174802f520af33b6959744e8498e666e8d2bc7984e9133fb8","first_seen":"2023-03-13T01:47:10Z","last_seen":"2026-05-28T10:17:40.255151Z","times_seen":151,"resource_available":true,"data":null}},"time_used":1158,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1158,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/arrow-right.svg","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.844Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/arrow-right.svg HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:35 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 226\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\netag: \"63631b18-e2\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":226,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"61b701c843a206b3b87effecd8382257","sha1":"533694db85b583c57b95d0f5820d5682bffd11ea","sha256":"8e40d35259ad6bf0e0988c35d1a3221ebdd5a7034e172d61fb96914e9e2893d7","sha512":"17ccb39299336765756aa42abce6939beabca1a709b98b102b3a8f1aa283dcfd50232b39b53cffdc11d768f0037b3ff8c6519ca2a730112a306f6ecbc028cdbf","ssdeep":"","tlshash":"f4d0a72b6349cc2cba624528e3a4367510f35192054d1154d53221359d4559f793b9dc","first_seen":"2023-05-10T10:24:22Z","last_seen":"2026-06-04T13:55:02.172907Z","times_seen":944,"resource_available":false,"data":null}},"time_used":1538,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1162,"receive":376,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/github.svg","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.875Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/github.svg HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:35 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 696\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\netag: \"63631b18-2b8\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":696,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"4149501d6f5d8ca92ce457bf972ddd58","sha1":"914af4392becba78bf750a49b9bf2cdf50d3bbb4","sha256":"77932b8662117bf991a79571d25775103f60a7625edfe9d7151a880144332e0b","sha512":"cb22ae17f8af457b86808495f50f875ad060f9f6941759760788efbccaada24ce42a5fcf05e46cff7b94f44e3b36d96072f3934bc3b2902d39155fca5ca56b43","ssdeep":"","tlshash":"b2017bac63e073606d46d76cd0a974b0b28734b72fa9c5a4e145e843a1158dfa8d8910","first_seen":"2023-05-10T10:24:22Z","last_seen":"2026-06-08T02:40:01.045992Z","times_seen":1149,"resource_available":false,"data":null}},"time_used":1536,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1134,"receive":402,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"hm.baidu.com/hm.gif?cc=1\u0026ck=1\u0026cl=24-bit\u0026ds=1280x1024\u0026vl=1024\u0026et=0\u0026ja=0\u0026ln=en-us\u0026lo=0\u0026rnd=1138975896\u0026si=f4b3788b2247dd149fb7fdffe8aece79\u0026v=1.2.97\u0026lv=1\u0026sn=55401\u0026r=0\u0026ww=1280\u0026ct=!!\u0026u=https%3A%2F%2Fxz.imtokeno.vip%2F","fqdn":"hm.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"14.215.182.140","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:35.796Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"baidu.com","organization":"Beijing Baidu Netcom Science Technology Co., Ltd"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 09 Jul 2025 07:01:02 GMT","end":"Mon, 10 Aug 2026 07:01:01 GMT"},"fingerprint":{"sha1":"21:BF:66:0D:67:BE:7A:7F:49:48:05:30:F4:7F:09:F2:30:36:CA:63","sha256":"0D:82:2C:9A:90:5A:EF:E9:8F:37:12:C0:E0:26:30:EE:95:33:2C:45:5F:E7:74:5D:F0:8D:BC:79:F4:B0:A1:49"}}},"request":{"raw":"GET /hm.gif?cc=1\u0026ck=1\u0026cl=24-bit\u0026ds=1280x1024\u0026vl=1024\u0026et=0\u0026ja=0\u0026ln=en-us\u0026lo=0\u0026rnd=1138975896\u0026si=f4b3788b2247dd149fb7fdffe8aece79\u0026v=1.2.97\u0026lv=1\u0026sn=55401\u0026r=0\u0026ww=1280\u0026ct=!!\u0026u=https%3A%2F%2Fxz.imtokeno.vip%2F HTTP/1.1\r\nHost: hm.baidu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nCache-Control: private, max-age=0, no-cache\r\nContent-Length: 43\r\nContent-Type: image/gif\r\nDate: Sun, 18 Jan 2026 23:38:36 GMT\r\nP3p: CP=\"CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\"\r\nPragma: no-cache\r\nServer: apache\r\nSet-Cookie: HMACCOUNT=E0DFFD2AA9AB3DBA; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT\r\nStrict-Transport-Security: max-age=172800\r\nX-Content-Type-Options: nosniff\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"ad4b0f606e0f8465bc4c4c170b37e1a3","sha1":"50b30fd5f87c85fe5cba2635cb83316ca71250d7","sha256":"cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda","sha512":"ebfe0c0df4bcc167d5cb6ebdd379f9083df62bef63a23818e1c6adf0f64b65467ea58b7cd4d03cf0a1b1a2b07fb7b969bf35f25f1f8538cc65cf3eebdf8a0910","ssdeep":"","tlshash":"15900003fbc08002c2b2e0300b3b0380238ce2200aa8030b80aeb0acecaa3a20c03020","first_seen":"2023-04-05T02:54:03Z","last_seen":"2026-06-08T04:08:43.586313Z","times_seen":367054,"resource_available":true,"data":null}},"time_used":1820,"timings":{"blocked":758,"dns":7,"connect":246,"send":0,"wait":308,"receive":0,"ssl":499},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/main.851b6206.js","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.764Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/main.851b6206.js HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:34 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63631b18-61ee\"\r\nexpires: Mon, 19 Jan 2026 11:38:34 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":25070,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (24956)","md5":"6d74e8d0144ef7f3eb8be4276aba6760","sha1":"8ed657c1c16c4e272500586907e46aaa1e0cdbff","sha256":"c98b2560e54fa69988c54700e8618226b2ce814459e4a24f50eca15892fb32cd","sha512":"58e0ebad3184490ea81dad2a3d8d67315122208e5be58396e19d81a2317c3df34115b5fcfffb778c0f9c45543a02e6525cbeb71a9c60850dc29882be105f846d","ssdeep":"768:kXrMmOecvo5LWe8pVMpm9tW8O1QiP9wZDSpThAl4kdde9/:29wZupTYJG/","tlshash":"27b229d939d270ed1143dfe51abf0a89a72e3830b4266494b7ccd4da6b3298dd143f19","first_seen":"2023-03-10T12:59:33Z","last_seen":"2026-05-28T10:17:40.182229Z","times_seen":128,"resource_available":true,"data":null}},"time_used":956,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":956,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/framework.7425f7c0f2c0fa6b9f98.js","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.805Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/framework.7425f7c0f2c0fa6b9f98.js HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:35 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63631b18-1f8c2\"\r\nexpires: Mon, 19 Jan 2026 11:38:35 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":129218,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"e1ff77e618abd1dda42076059844b3bd","sha1":"ef903e1a9fd286d99fd2c12321258d23632ddd12","sha256":"3b23efa8cbbe6cf291780e1677d4dde9d3e6f1394c1a188ece60c5726df76815","sha512":"2d9e979a9c70cba67a51c58efdbd22ba921559c87ff97e33b5e7b31bf3a572936d705ab49ec7804ee0f0e28e75e6e8dc4dffc36b2e35f5abf37a39b62c7d8da4","ssdeep":"1536:B4v3hV6X5JRGNeG4XFmkXdKwDSuSdDp7FktuGhR8XvCi0AHlk:SfhV6TZ1YwKt7gRwCi0AHlk","tlshash":"7bc3f8d93992f5626bf311b7109f1813733d161b280c4960a212fddeb5bd05ea12bf9e","first_seen":"2023-03-08T19:36:35Z","last_seen":"2026-05-28T12:48:09.3141Z","times_seen":640,"resource_available":true,"data":null}},"time_used":1177,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1177,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/imTokenLogo.svg","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.824Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/imTokenLogo.svg HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:35 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63631b18-243d\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":9277,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"4894539667b4efc7bbb1b71858aede4f","sha1":"ab383f9a8e80f0395040697292161db2d4d4ec9c","sha256":"017a2546180fc0544fa71508481ca4bd46287a0c79eed70321b6e3ac09d2f491","sha512":"d7be85308737a738a579957a2e4ff7eaf059ebf6faae61b3aa02aa834904047898443ead2ad4fe26543caf3d2a842fb2c1505de0bea4f35b40d9576adf700dba","ssdeep":"192:vRuLY9xVSRlu7BJsLEmmD4ikXjRJl2MQwJjyDtsLa:vRhxNBKoRkTIMQwJjyDtsLa","tlshash":"5812a4f07674a2fce50be745cd365865b11e2cf9ef0246a8c194ee4525294a6cdcccd1","first_seen":"2023-05-17T05:57:54Z","last_seen":"2026-06-05T23:41:08.25105Z","times_seen":998,"resource_available":false,"data":null}},"time_used":1167,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1167,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/1641eb77b9112ff2fb25bddeb2768b5acdab245a.ddfbf19e7603a37d6806.js","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.817Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/1641eb77b9112ff2fb25bddeb2768b5acdab245a.ddfbf19e7603a37d6806.js HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:35 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63631b18-6607\"\r\nexpires: Mon, 19 Jan 2026 11:38:35 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":26119,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (26119), with no line terminators","md5":"552c5063233ad54261536138d4a076d0","sha1":"778af6c5426f94f06f28719e903c23abb05f3e02","sha256":"c4c517002a5b45885d582009e1d856936665f91680a2c7a349d48e7cb2a870b7","sha512":"81b92d4ee837cc4129bef3358c736602c08fea9dadade778185bc3c0453ee765127d08d466f72c893463f7c00a964ecc0ed1038e8e8067800ef6d7bc3ba4eb54","ssdeep":"384:cpu7leVQSR561fTQJOPGCM3YQeEtuH/FOYLgXKuWVqzBpr0AkVxeHqO20ziZQnb:cpuSH58TPVkeWs/ngL90AkOYZQnb","tlshash":"cdc2936b470e66531c0c3fab8ada6e4ad008e0e65a439edaf19d5eecd1ef71c054126c","first_seen":"2023-03-13T01:47:10Z","last_seen":"2026-05-28T12:48:09.364965Z","times_seen":594,"resource_available":true,"data":null}},"time_used":1170,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1170,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/partner-cosmos.svg","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.852Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/partner-cosmos.svg HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:35 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63631b18-169e\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5790,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"24b422095f45e55762ce124560f2e32c","sha1":"03bc60748c888a58c7ccf555903a2c90d4f44ae1","sha256":"6d5e008c7a2f9daf1ecc2d5558657820ea5743c9d8f990351fe2122eb5441502","sha512":"e8d317b675e20a790264f0430042a6efd7c192a6e632db5e4ac3b78b5ac3c367a7566d27e9116cdc196ea1f8a64b31eeab24c9f4bba9280d992c2b3345396d8a","ssdeep":"96:U8wi56sbKbFTDWjm6iyinXKd7ycdZg4z3KA7zIJcckwHWtGH27T9B4k:U8rKhnWjRiLO7yw+tcckwmGH27TH4k","tlshash":"b7c1b7fc777562f4b842d1fecb2051f83a51aaebb8020924d3a80e0e9c8197c5d59dd7","first_seen":"2023-05-10T10:24:22Z","last_seen":"2026-06-08T02:40:01.048794Z","times_seen":1177,"resource_available":false,"data":null}},"time_used":1158,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1158,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/globe.svg","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.878Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/globe.svg HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:35 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 693\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\netag: \"63631b18-2b5\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":693,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"10e9b7298119a70fcdb7ce6ed5430f6e","sha1":"942e41acc75f1fd1ec6b33dd2cb21b29126c6bff","sha256":"f55d4b245d10bad8715a66b9fc5461f23ecf2902bdf1c8ff7c6d04b41e0afea5","sha512":"82e217f7306036f635c6d7af212da66acd33a4547ecd6f91d10555532097627f02e8a707771e809282d7922b3119b7eaaef9b7a04b85f94de3be6a8776997c6e","ssdeep":"","tlshash":"9d012b59b36dce3d78631764d31232b660e7125309487395d432d1346990c5e6b77dcc","first_seen":"2023-05-07T16:57:14Z","last_seen":"2026-06-08T02:40:01.043443Z","times_seen":1001,"resource_available":false,"data":null}},"time_used":1531,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1130,"receive":401,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.884Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:35 GMT\r\ncontent-type: text/html\r\ncontent-length: 138\r\netag: \"69303ae7-8a\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":138,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"7389d931c86b3d7bb6b8af46d8c4172b","sha1":"8d2a4760aa0b47984d11cd1a66448719177fb791","sha256":"301bd9f16f94feedfae7a946a14bac38cb73c43efe6117bc5586835af03d7d6f","sha512":"dd6d1511e4fcd5bc09d821ffe091fb5946ac9654c48664aed504e479e9ac20c1cad44b6df90f42190d47e28f5f96bfb09d24056df6b950243d68ee8100a9a889","ssdeep":"","tlshash":"d9c09b5d755366449913155167c33641d196837f689a84510941c593f0cf69ac4c73a9","first_seen":"2023-03-13T12:56:15Z","last_seen":"2026-06-08T04:38:51.920557Z","times_seen":279552,"resource_available":true,"data":null}},"time_used":1464,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1120,"receive":344,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/_buildManifest.js","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.886Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/_buildManifest.js HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:35 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63631b18-10f8\"\r\nexpires: Mon, 19 Jan 2026 11:38:35 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4344,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (4344), with no line terminators","md5":"300f0c98b87cdaf3c5cda9c2e48209e2","sha1":"70a25d9905b6bacf802bfc2ae4b0a09cadf7f95d","sha256":"a58c83ec091977ddd7147ebdddcdcdc2ff265912766d7ea0d3b6ae54559e6770","sha512":"19ab302568464cc2e734c46cfb8c3154da12c896bba880c5d8172add97a69d6023af3b4cf1e6f508e958da7ec8721b363aa30cd022c6e37010fb4e2644313e06","ssdeep":"48:J3fs7tBbm16rfqFkJkkgUawkMEGemT+2u1HSY9Daw5V3j6cP:pfB5kJke0PZSY9pV3/","tlshash":"159159820d327e851ed3fc497dbdaf3e85d004b1e9b6427752ad842e85810389f69b94","first_seen":"2023-06-10T15:07:45Z","last_seen":"2026-05-28T10:17:40.256774Z","times_seen":123,"resource_available":true,"data":null}},"time_used":1117,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1117,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-18T23:38:33.512Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:34 GMT\r\ncontent-type: text/html\r\nlast-modified: Thu, 03 Nov 2022 02:59:16 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63632e84-84dd\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Ant Design","description":"Ant Design is a UI library that can be used with data flow solutions and application frameworks in any React ecosystem.","website":"https://ant.design","common_platform_enumeration":"","icon":"Ant Design.svg","categories":["UI frameworks"]},{"name":"scrollreveal","description":"","website":"https://scrollrevealjs.org","common_platform_enumeration":"","icon":"scrollreveal.svg","categories":["JavaScript libraries"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":34013,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1302), with CRLF line terminators","md5":"18cb04a59d5c497b14f8b8fe1ad77e92","sha1":"6a40d519948af2c32e11855693ba7bbb187ee358","sha256":"76a356528f7741beb5598844ced8b00a0bf74e98a381b5eed0db80cba555a288","sha512":"81907f523f4990de657cff76084481985892518751d051ad41dcd666f05576da5a38b62c7cb6a9308689870c9a8ec726b3625b5270774b3e4ac7d37b9c04edbb","ssdeep":"192:ZKISJSsNeQjtomoJleYbDSwAuvTHqUFRbl3TwRkAzj96R9LNx2BSV7EHPFXcbDfB:HnsdlOrQzj98NdJCPFXcbDPx","tlshash":"74e24f36acc5e4670233d5c1d875bb6dfd818123caa4a80ab2fd5bc35fb6e988e17444","first_seen":"2023-08-06T23:33:25Z","last_seen":"2026-04-15T16:57:24.45864Z","times_seen":20,"resource_available":false,"data":null}},"time_used":1566,"timings":{"blocked":657,"dns":153,"connect":247,"send":0,"wait":251,"receive":0,"ssl":255},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/_app-26afb46c84ae5083d2c8.js","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.809Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/_app-26afb46c84ae5083d2c8.js HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:35 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63631b18-1f08\"\r\nexpires: Mon, 19 Jan 2026 11:38:35 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7944,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (7944), with no line terminators","md5":"3636ec28433fa1cf50647d0850f3f3fc","sha1":"895a287647cd5edc53d9b6f758be3381e31513ac","sha256":"b0dcd8fdc5b3ad0c817bb96054580e449a63f415c952d2abf96038c0951595e1","sha512":"06fe82dc2b75c7cb646262dc7dfd5d083300a1704c1c5a33f9a331afba0f32b096759000829deb0e29d9a809207cc11e65afa1e80c92d19b5d5a9f0da328e039","ssdeep":"96:V7jR75sA7jqf2wR/xJ6RUQfq0MSIsg/lADCpl1MylkO6q4ZwPDP7I4zqMBZ55qZx:Rd7N1IZN0MQalkCplObqlbHz95NQ3op+","tlshash":"6ff1a48971a1f08127f695f2403f510eb3f2696da49dd0806766c4f89efa95e4323f1c","first_seen":"2023-03-13T01:47:10Z","last_seen":"2026-05-28T12:48:09.321817Z","times_seen":576,"resource_available":true,"data":null}},"time_used":1175,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1175,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/arrow-down.svg","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.825Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/arrow-down.svg HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:35 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 207\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\netag: \"63631b18-cf\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":207,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"120e5756289bdf45cd9f51442b1224c9","sha1":"a53737a735a6502ace15f6fcaa404f7c42abd483","sha256":"f22a34371e6b2d446921f8542f85b81a4673d4ea2aa5f6bb759037b36037632f","sha512":"f49b1fd7502f0934e972ad635159cb5c487611f75db00c246e9d70895f815204fa699e4890b274f641d560501b19a8657374712b519bc37a3a2ac1512e57877a","ssdeep":"","tlshash":"bed0223bb32ccc1cb5124528e3ba367150f3109308cd2654d8332131ae054afbb2bae8","first_seen":"2023-05-10T10:24:22Z","last_seen":"2026-06-04T13:55:02.188011Z","times_seen":2766,"resource_available":false,"data":null}},"time_used":1515,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1166,"receive":349,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/banner.png","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.839Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/banner.png HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:35 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63631b18-b462\"\r\nexpires: Tue, 17 Feb 2026 23:38:35 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":46178,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1000 x 1000, 8-bit colormap, non-interlaced","md5":"ad9792ead2ce10cf4db72cb8a5ad7abb","sha1":"1eafd79d8630feebc01d806a4bf525b0c6b1e0e8","sha256":"e075e1cdad6e176e330ac0f927da14388ba5ad54cc0888b39dd54051b9987e61","sha512":"20c905d047fe315630e143bea8b21e250b2b31dff0b82542adc18377c60e112a76c455517e04e54f707a0729c9048daffd3b2d6dbe7f549bf28147cc7b8beecc","ssdeep":"768:syGVt5SSk+GII7jfi0LOURWhIozDk1RCf9ytwVVuEosk7JAl30TVcEHhISVON:syCkLpjfV26+Dk7W9Qwvu1s4JYkTVcqu","tlshash":"272302652d454e37eb7aaab4892c50be0300aa75633abb3690b1562d3db940933dc6b0","first_seen":"2023-05-07T16:57:14Z","last_seen":"2026-06-04T13:55:02.188975Z","times_seen":2545,"resource_available":false,"data":null}},"time_used":1164,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1164,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/imkey.svg","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.841Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/imkey.svg HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:35 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63631b18-3423\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":13347,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"a3fd6cd4340f73f2f44388e97964f3eb","sha1":"694e8d4a2dfdd16c8f3444e77fe5d58c8ff1e907","sha256":"ef070fb21fd2892969662d3f1d08792aef524bd34a1c437a8e4129c3f99bbf69","sha512":"4962daa17f6fad3aa449210f0ad381083b9a8c524dd539c592feb3cc3fc96d08f8b26ac24296634c2d3a5c557eb56086e45bcd1bb1a42937f22d7ac5d698a294","ssdeep":"192:WFDb/y/y3W0o7HYkS53bOz9cJnJ+ujFNg8znwtjuo+jco8aBP:cbPmYX53bZPNnzwtjuo+jcoL","tlshash":"925279dc2f1867e894c053daaf2a50fdac2bd0ee6688d514c6042f1d788947ebc775ca","first_seen":"2023-05-10T10:24:22Z","last_seen":"2026-06-08T02:40:01.036401Z","times_seen":1680,"resource_available":false,"data":null}},"time_used":1163,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1163,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/partner-zcash.svg","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.849Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/partner-zcash.svg HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:35 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63631b18-1308\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4872,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"fa3d9b23853e22e41ac3e8a0d0d4c0df","sha1":"a604e9d2deae651c1f89386d74c6a73bd487355e","sha256":"a6eef80e8bafe512807a717ab3e7c78644a65d6ab998fe3f746c8fe48ae13c6b","sha512":"6462d86b4f5e89a14408bfd1b78a86b6f1aadfdaec23f5b8f411279c9d2cf727dac822f401776e686e0207742113bee5e60f6fbf252ef3ebfa5abd41c3d96133","ssdeep":"96:U8w0fjtS5v6Zv3O8aMtDHQFO5Spe84BiJWeaJsO1FgogY8h33n:U8SV0v+8/tjQFO5Yh4UpIJgogY8h33n","tlshash":"43a199dc3f3648f9bc44a37edb1200e83441a9ea3d821b95d3741e0e34859649e9cdd7","first_seen":"2023-05-10T10:24:22Z","last_seen":"2026-06-04T13:55:02.205422Z","times_seen":836,"resource_available":false,"data":null}},"time_used":1161,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1161,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/partner-etherscan.svg","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.858Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/partner-etherscan.svg HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:35 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63631b18-2bff\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11263,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"c2396dfee53ab9d34632f6fedd15c47e","sha1":"f2e7cc706a3486b0e8c27ec8ad71a97d671707d4","sha256":"d9c83c68c73cab3ade09c13bd2d323325648c652b28cc92a535b2db8068a92b3","sha512":"c432dd748aed17122a33133a3ea814f445b7529741805857c8b1a5ab8c363baf7cdc50e78ceb36ae4e1e9c258f1d8d11cdcccc9f94a7bcbb906952ab942f581c","ssdeep":"192:U8ENPeQpwC/8tvEY74rBx5IZoLwUqcCvwGPWwBjaQTVgixW05O7oK:TAmQpwC6sD5v39ujaQLW4GoK","tlshash":"023281cc773a46f8bc45f5bec70644ba7802aeaa78414958c3b42d5c2c4482c9dbddeb","first_seen":"2023-05-10T10:24:22Z","last_seen":"2026-06-08T02:40:01.041752Z","times_seen":1577,"resource_available":false,"data":null}},"time_used":1154,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1154,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/0b502bd7632b779787e7571ed7da626349d4848b_CSS.b97c0dd0.chunk.css","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:36.435Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/0b502bd7632b779787e7571ed7da626349d4848b_CSS.b97c0dd0.chunk.css HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xz.imtokeno.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: Hm_lvt_f4b3788b2247dd149fb7fdffe8aece79=1768779516; Hm_lpvt_f4b3788b2247dd149fb7fdffe8aece79=1768779516; _ga=GA1.2.1275638301.1768779516; _gid=GA1.2.1598784226.1768779516; _gat=1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:36 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63631b18-3a81c\"\r\nexpires: Mon, 19 Jan 2026 11:38:36 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":239644,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"aaf80d6ccff93c1d0b146af2a494c961","sha1":"ca59012e21b1cc85afaa7309797ac8922ccc4304","sha256":"2716d3320d4373beda8ea9b00f93b7859595d356f86e03b798c504f75441cf9b","sha512":"a59093d45b90b35b2c2776963c635cedb8a0b43a8c07b8809a624deb0c096b359fc89b06babd7cef4ec40a60257a4f9a2486b9211afb77fa33c0be7db1c092bd","ssdeep":"1536:gBzfkfXfkfuf+fyf+f80vjEGWGTOR9COXo+1sHz:0fkfXfkfuf+fyf+fxvYLXCOX+","tlshash":"3f34b8d165d1312cba6fc727b6e49889a7204523d36f9dfea131329dcf85287229370e","first_seen":"2023-04-09T05:09:01Z","last_seen":"2026-05-28T10:17:40.198752Z","times_seen":311,"resource_available":false,"data":null}},"time_used":253,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":253,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/484c840239a025432effd6ecc373d498fa764368_CSS.4e604f4b.chunk.css","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.795Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/484c840239a025432effd6ecc373d498fa764368_CSS.4e604f4b.chunk.css HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:35 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63631b18-13c23\"\r\nexpires: Mon, 19 Jan 2026 11:38:35 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":80931,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"26943ce7723571872e2b202442174f76","sha1":"725ba1ec11662845e76f792fefa4c2d7e1377063","sha256":"ac35043f4c19bd76511cb7553a66eeff8f21e4d0c6e518bedbbf3b270b6826e2","sha512":"e500b43e48b794d17b86d59301902edc0c732ef4e5aaf42d88e182b3ec476be7b8f032afcf5b4508f56fa40d6682bded3529653b86b98296674c2813a5286ec2","ssdeep":"768:wbKwmgzY0vPCuGZfg3byjQWjNc3Ug/WNm14Zsz9:UKhgkACuGZftQE8P/UeOk","tlshash":"bd835a2f2b11211ad2a2df1a66c53b9dd931ea33b179decff6d53c218786e464890d03","first_seen":"2023-04-09T05:09:01Z","last_seen":"2026-05-28T12:48:09.307118Z","times_seen":1189,"resource_available":false,"data":null}},"time_used":1134,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1134,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/tokenfans(1).svg","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.873Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/tokenfans(1).svg HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:35 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63631b18-680\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1664,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"4e04f06c03173fda09427b277300b06a","sha1":"6929723c8522f86632090ca657e45e132f1ede02","sha256":"2ffb6220e64d52868c4ac80421efeb49c990bac0af584b00987e76a541b23e6a","sha512":"e0c48c1e1c87021253d76c1562388f172dc06cae679009c6cfa21fa236c056ce57dc39c0d1345c3698a078487adacdc970032b0e4e79630c9c490322f4bba566","ssdeep":"","tlshash":"863144e2e3c962d05607dff5d63419e1a9df18f73ba5cb980265174c9e8020c494cca4","first_seen":"2023-05-10T10:24:22Z","last_seen":"2026-06-04T13:55:02.210152Z","times_seen":1047,"resource_available":false,"data":null}},"time_used":1137,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1137,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"beacon-v2.helpscout.net/static/js/main.851b6206.js","fqdn":"beacon-v2.helpscout.net","domain":"helpscout.net","tld":"net"},"ip":{"addr":"3.167.2.34","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:35.773Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.helpscout.net","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M03","organization":"Amazon"},"validity":{"start":"Thu, 06 Mar 2025 00:00:00 GMT","end":"Fri, 03 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"13:DB:4C:AE:C2:EF:23:C5:95:76:77:E7:70:21:28:E3:46:E4:F2:1E","sha256":"95:AE:AF:20:4C:C0:EA:E7:FF:CA:03:0F:C4:66:5D:C6:D6:64:20:9E:28:52:44:DB:EB:C1:E2:48:D0:A1:93:CD"}}},"request":{"raw":"GET /static/js/main.851b6206.js HTTP/1.1\r\nHost: beacon-v2.helpscout.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ncontent-length: 9696\r\nlast-modified: Fri, 21 Oct 2022 15:46:34 GMT\r\ncontent-encoding: gzip\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sun, 18 Jan 2026 23:38:37 GMT\r\ncache-control: max-age=315360000, s-maxage=7200, public\r\netag: \"e81d1139b42169d1465671d20714f09c\"\r\nx-cache: RefreshHit from cloudfront\r\nvia: 1.1 e6220bd7bee9300eb5b87a282645e6ec.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: PWvh2LHtTIm8kuAdE3NNm3ka7NG36Dw9oigz14LBZ0aIm_qDtcJo-w==\r\nx-xss-protection: 1; mode=block\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000\r\nvary: accept-encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":25070,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (24956)","md5":"6d74e8d0144ef7f3eb8be4276aba6760","sha1":"8ed657c1c16c4e272500586907e46aaa1e0cdbff","sha256":"c98b2560e54fa69988c54700e8618226b2ce814459e4a24f50eca15892fb32cd","sha512":"58e0ebad3184490ea81dad2a3d8d67315122208e5be58396e19d81a2317c3df34115b5fcfffb778c0f9c45543a02e6525cbeb71a9c60850dc29882be105f846d","ssdeep":"768:kXrMmOecvo5LWe8pVMpm9tW8O1QiP9wZDSpThAl4kdde9/:29wZupTYJG/","tlshash":"27b229d939d270ed1143dfe51abf0a89a72e3830b4266494b7ccd4da6b3298dd143f19","first_seen":"2023-03-10T12:59:33Z","last_seen":"2026-05-28T10:17:40.182229Z","times_seen":128,"resource_available":true,"data":null}},"time_used":412,"timings":{"blocked":40,"dns":22,"connect":5,"send":0,"wait":329,"receive":1,"ssl":11},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/styles.2224a2cf.chunk.css","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:36.441Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/styles.2224a2cf.chunk.css HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xz.imtokeno.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: Hm_lvt_f4b3788b2247dd149fb7fdffe8aece79=1768779516; Hm_lpvt_f4b3788b2247dd149fb7fdffe8aece79=1768779516; _ga=GA1.2.1275638301.1768779516; _gid=GA1.2.1598784226.1768779516; _gat=1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:36 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63631b18-38b4\"\r\nexpires: Mon, 19 Jan 2026 11:38:36 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14516,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (14516), with no line terminators","md5":"faaf5afd32b289c34bc0e1e9f2d43db8","sha1":"b8e7f8ff0c107f28903e70ec103412afbf8e4d0e","sha256":"cf23c1a08436aa9ca2cbfdae42eb4979caa56f972b0c80caafe466a64956d6c8","sha512":"6c449ff46e30ac65425b2925474a28467c0c87d8e7c7edbf7c790849958d8042f4594aa111713e1b862bf238ab4c1bec695254a75e2e163695bde58a350970a6","ssdeep":"192://xXQzuBhtSu/Zjj9gsb89ZXMGvppByqP5+:7bZyW0NMGvpryqQ","tlshash":"b55212195234322c61e39335aac87d49f5358912837f45bde4e2b31edff84630ea6b89","first_seen":"2023-04-09T05:09:01Z","last_seen":"2026-05-28T12:48:09.360595Z","times_seen":589,"resource_available":false,"data":null}},"time_used":255,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":255,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/medium.svg","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:34.872Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/medium.svg HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xz.imtokeno.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:35 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 224\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\netag: \"63631b18-e0\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":224,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"6a49621075d683c755db86def96ca77f","sha1":"738d6ed4c702623f09a65afeeba6688d229f3f42","sha256":"077943f1b01d0d63a8becbaa9f8a8af2aee71f368081f6a43576ce1e0da56049","sha512":"ba11c88f67891ba18ee2687f3556b8329f97c17d39560f6b71d18f388bf1a16f0cd82b9e12b00a293a955351445d485234da4b434dda9c22094065069b39463e","ssdeep":"","tlshash":"00d023e8c44c08048f3cc649df2f3d2e107561d3075c441fe0802200fc45aa2380c47c","first_seen":"2023-05-10T10:24:22Z","last_seen":"2026-06-08T02:40:01.050661Z","times_seen":1151,"resource_available":false,"data":null}},"time_used":1540,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1138,"receive":402,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xz.imtokeno.vip/static/484c840239a025432effd6ecc373d498fa764368_CSS.4e604f4b.chunk.css","fqdn":"xz.imtokeno.vip","domain":"imtokeno.vip","tld":"vip"},"ip":{"addr":"83.229.122.227","port":443,"asn":139659,"as":"LUCIDACLOUD LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://xz.imtokeno.vip/","date":"2026-01-18T23:38:36.439Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xz.imtokeno.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 04:07:31 GMT","end":"Sat, 07 Mar 2026 04:07:30 GMT"},"fingerprint":{"sha1":"94:FD:A5:81:B3:6A:C9:5C:88:B5:0C:BC:9E:C9:30:94:78:57:4D:84","sha256":"7C:6F:23:E0:29:2D:29:B2:16:C2:27:BE:16:24:CA:18:B1:73:02:33:30:37:35:FE:C9:A2:0B:F5:4A:51:B4:39"}}},"request":{"raw":"GET /static/484c840239a025432effd6ecc373d498fa764368_CSS.4e604f4b.chunk.css HTTP/1.1\r\nHost: xz.imtokeno.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xz.imtokeno.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: Hm_lvt_f4b3788b2247dd149fb7fdffe8aece79=1768779516; Hm_lpvt_f4b3788b2247dd149fb7fdffe8aece79=1768779516; _ga=GA1.2.1275638301.1768779516; _gid=GA1.2.1598784226.1768779516; _gat=1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 23:38:36 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 03 Nov 2022 01:36:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63631b18-13c23\"\r\nexpires: Mon, 19 Jan 2026 11:38:36 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":80931,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"26943ce7723571872e2b202442174f76","sha1":"725ba1ec11662845e76f792fefa4c2d7e1377063","sha256":"ac35043f4c19bd76511cb7553a66eeff8f21e4d0c6e518bedbbf3b270b6826e2","sha512":"e500b43e48b794d17b86d59301902edc0c732ef4e5aaf42d88e182b3ec476be7b8f032afcf5b4508f56fa40d6682bded3529653b86b98296674c2813a5286ec2","ssdeep":"768:wbKwmgzY0vPCuGZfg3byjQWjNc3Ug/WNm14Zsz9:UKhgkACuGZftQE8P/UeOk","tlshash":"bd835a2f2b11211ad2a2df1a66c53b9dd931ea33b179decff6d53c218786e464890d03","first_seen":"2023-04-09T05:09:01Z","last_seen":"2026-05-28T12:48:09.307118Z","times_seen":1189,"resource_available":false,"data":null}},"time_used":258,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":258,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-18","alert":"Phishing Block","trigger":"xz.imtokeno.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"xz.imtokeno.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}