Imperva Reese84 ACTIVE
The reese84 interrogation challenge, fully reversed.
Overview
Imperva's Reese84 challenge is a JavaScript VM that collects browser fingerprints, serializes them through a custom encryption pipeline, and sends the result to an interrogation endpoint that returns the reese84 cookie. VexSolver reverses the VM, generates a matching fingerprint, and posts the interrogation natively — no browser involved.
The engine also handles the UTMVC and CWUDNSAI second-layer challenges that some Imperva-protected sites add on top. Every solve runs through an end-to-end verify step: we re-fetch the target with the minted cookies before we tell you success: true.
Cookies returned
- ›
reese84— primary interrogation token - ›
visid_incap_<site_id>— Imperva visitor ID - ›
incap_ses_<num>_<site_id>— session cookie - ›
nlbi_<site_id>_<lb_id>— load balancer ID - ›
___utmvc— UTMVC layer (when present)
Step 1 — Submit
curl -X POST https://api.vexsolver.com/api/solve \
-H "X-API-Key: sk_live_..." \
-H "Content-Type: application/json" \
-d '{
"url": "https://www.smythstoys.com/uk/en-gb",
"proxy": "http://user:pass@your-proxy:8080"
}'
# → { "taskId": "..." }Step 2 — Poll
curl -G "https://api.vexsolver.com/api/getTaskResult" \ -H "X-API-Key: sk_live_..." \ --data-urlencode "taskId=<taskId>"
Force fresh solve
curl -X POST https://api.vexsolver.com/api/solve \
-H "X-API-Key: sk_live_..." \
-H "Content-Type: application/json" \
-d '{
"url": "https://www.smythstoys.com/uk/en-gb",
"proxy": "http://user:pass@your-proxy:8080",
"fresh": true
}'Poll result shape
{
"success": true,
"vendor": "incapsula",
"source": "incap_solver",
"target": "https://www.smythstoys.com/uk/en-gb",
"attempts": 1,
"cached": false,
"elapsed_ms": 2990,
"solve_ms": 2990,
"solved_at": 1776997541,
"expires_at": 1776998141,
"ttl_sec": 600,
"user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36",
"proxy_fp": "a31b77de2091",
"cookies": "reese84=3:abc...; visid_incap_2483049=mP5vmbq...; incap_ses_780_2483049=npbsJ+oQrR...; nlbi_2483049=r/3IGfH+O0Y...",
"cookie_map": {
"reese84": "3:abc...",
"visid_incap_2483049": "mP5vmbq1SFyIiwni...",
"incap_ses_780_2483049": "npbsJ+oQrR2CO+VQ...",
"nlbi_2483049_2147483392": "r/3IGfH+O0YF4v3S..."
}
}Replay rules for Imperva cookies
Imperva binds the reese84 + incap_ses set to both egress IP and User-Agent:- Replay through the same proxy you passed to
/api/solve - Use the returned
user_agenton your follow-up requests - Keep the full cookie set together (reese84 alone is not enough)
Python end-to-end example
import time, requests
API = "https://api.vexsolver.com"
KEY = "sk_live_..."
HEADERS = {"X-API-Key": KEY, "Content-Type": "application/json"}
PROXY = "http://user:pass@your-proxy:8080"
# 1. Submit
r = requests.post(f"{API}/api/solve", headers=HEADERS,
json={"url": "https://www.smythstoys.com/uk/en-gb", "proxy": PROXY})
task_id = r.json()["taskId"]
# 2. Poll
for _ in range(60):
time.sleep(2)
r = requests.get(f"{API}/api/getTaskResult",
params={"taskId": task_id}, headers={"X-API-Key": KEY})
data = r.json()
if data.get("status") != "pending":
break
if not data["success"]:
raise RuntimeError(data.get("error"))
# 3. Replay through the SAME proxy + same UA
session = requests.Session()
session.headers["Cookie"] = data["cookies"]
session.headers["User-Agent"] = data["user_agent"]
page = session.get("https://www.smythstoys.com/uk/en-gb",
proxies={"http": PROXY, "https": PROXY})
print(page.status_code)Tested on
100+ real-world Imperva-protected targets including smythstoys, allegro, and every major e-commerce Reese84 deployment.Typical performance
- › Cache hit: 1-30 ms (
cached: true) - › Replay template: 2-4 seconds
- › Cold capture: 5-8 seconds (first time seeing a new site)