{"report_id":"4c015fbf-36e0-4879-abaa-0cbe6030e187","version":6,"status":"done","tags":[],"date":"2025-09-26T16:39:12Z","url":{"schema":"http","addr":"expresartecomunicacion.com.mx/","fqdn":"expresartecomunicacion.com.mx","domain":"expresartecomunicacion.com.mx","tld":"com.mx"},"ip":{"addr":"108.179.194.39","port":0,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"expresartecomunicacion.com.mx/","fqdn":"expresartecomunicacion.com.mx","domain":"expresartecomunicacion.com.mx","tld":"com.mx"},"title":"Expresarte ComunicaciĆ³n"},"submit":{"url":{"schema":"http","addr":"expresartecomunicacion.com.mx/","fqdn":"expresartecomunicacion.com.mx","domain":"expresartecomunicacion.com.mx","tld":"com.mx"},"ip":{"addr":"108.179.194.39","port":0,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-31T16:39:12Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"expresartecomunicacion.com.mx","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"expresartecomunicacion.com.mx","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"expresartecomunicacion.com.mx","ip":{"addr":"108.179.194.39","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"domain_registered":"2014-05-21","domain_rank":0,"first_seen":"2025-09-25T20:38:08.794365Z","last_seen":"2025-09-25T20:38:08.794365Z","alert_count":15,"request_count":8,"received_data":794812,"sent_data":3775,"comment":"","tags":null,"fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.178.74","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-09-21T22:11:31.798564Z","alert_count":0,"request_count":1,"received_data":10419,"sent_data":551,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2025-09-21T22:11:31.014241Z","alert_count":0,"request_count":2,"received_data":25746,"sent_data":1128,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"expresartecomunicacion.com.mx/","fqdn":"expresartecomunicacion.com.mx","domain":"expresartecomunicacion.com.mx","tld":"com.mx"},"ip":{"addr":"108.179.194.39","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-26T16:38:50.432Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"expresartecomunicacion.com.mx","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 Aug 2025 10:12:05 GMT","end":"Wed, 26 Nov 2025 10:12:04 GMT"},"fingerprint":{"sha1":"61:EE:8C:41:08:31:49:D5:19:94:B7:B0:7C:FD:63:61:08:09:B2:E8","sha256":"B7:31:87:4C:78:C7:C1:F8:02:C5:5B:18:8B:31:EF:44:14:35:B0:B8:0C:DE:BF:CA:F3:5F:57:BD:78:D8:2C:99"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: expresartecomunicacion.com.mx\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Mon, 22 Sep 2025 19:59:21 GMT\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 1047\r\ncontent-type: text/html\r\ndate: Fri, 26 Sep 2025 16:38:50 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":2599,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"141129e6e03871ef03839bef4ede38c2","sha1":"50fefea7bc3ec04077542d4fbb7f95423efb90f2","sha256":"13a2e76fd911d86630f57af7a50336084d9e6b41f647fb57f9df8a3009b7a25a","sha512":"29081f813c23731e8d7e55e42e936b0889bd2642b20514e807cba37a6f67a60920408132d46faef85f9be5eee2573451b80ff78b5cd38277c954145ab53669bc","ssdeep":"","tlshash":"2f5123e1d1e43576912351dbbda23febace1009fc7104240fa7e20794fc9e96647b928","first_seen":"2025-09-26T16:39:14.559767Z","last_seen":"2025-09-26T16:39:14.559767Z","times_seen":1,"resource_available":false,"data":null}},"time_used":583,"timings":{"blocked":231,"dns":1,"connect":112,"send":0,"wait":120,"receive":0,"ssl":118},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"expresartecomunicacion.com.mx","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"expresartecomunicacion.com.mx","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Titillium+Web:ital,wght@0,200;0,300;0,400;0,600;0,700;0,900;1,200;1,300;1,400;1,600;1,700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.74","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://expresartecomunicacion.com.mx/","date":"2025-09-26T16:38:50.894Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:36:49 GMT","end":"Mon, 01 Dec 2025 08:36:48 GMT"},"fingerprint":{"sha1":"9E:38:51:02:B6:22:9C:08:6B:24:B8:A0:EB:DB:60:D9:27:B2:68:90","sha256":"67:AF:7E:56:AB:8D:96:FB:D0:75:CA:28:6D:16:B6:67:FD:7F:58:6F:CC:AA:78:B5:01:13:76:2C:AB:BE:80:4E"}}},"request":{"raw":"GET /css2?family=Titillium+Web:ital,wght@0,200;0,300;0,400;0,600;0,700;0,900;1,200;1,300;1,400;1,600;1,700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://expresartecomunicacion.com.mx/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Fri, 26 Sep 2025 16:38:51 GMT\r\ndate: Fri, 26 Sep 2025 16:38:51 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":9733,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"e57dbd1d91131a975fd05a9d54c42b2b","sha1":"c47e33dfd4a65ef85bc1d81381480de940838aed","sha256":"6b0e3665bd18e9da983f0c0bea19b45a417de45190d3657bf9c31704066e8daa","sha512":"fef3936412863b1c6f0ff69e496571320f0a517a4f5868128f9acc1b5e8399d5f03e80a1f8701496d7f5475306086b0669443ca4f1147079b5128c91981fd2aa","ssdeep":"192:pAPAAqn8AnNOQAOwEVAE8rNArC0mqDFEZYSYCKKAxK0Urz:ptBJNClDTCkNB","tlshash":"2a12fe810caba100da974dc663ce3e37ef0e71516458a938affe04e8bcdac5a835571c","first_seen":"2025-09-11T21:26:51.287904Z","last_seen":"2026-04-06T10:58:35.659112Z","times_seen":401,"resource_available":false,"data":null}},"time_used":258,"timings":{"blocked":109,"dns":1,"connect":17,"send":0,"wait":35,"receive":0,"ssl":95},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"expresartecomunicacion.com.mx/img/right.png","fqdn":"expresartecomunicacion.com.mx","domain":"expresartecomunicacion.com.mx","tld":"com.mx"},"ip":{"addr":"108.179.194.39","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://expresartecomunicacion.com.mx/","date":"2025-09-26T16:38:50.898Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"expresartecomunicacion.com.mx","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 Aug 2025 10:12:05 GMT","end":"Wed, 26 Nov 2025 10:12:04 GMT"},"fingerprint":{"sha1":"61:EE:8C:41:08:31:49:D5:19:94:B7:B0:7C:FD:63:61:08:09:B2:E8","sha256":"B7:31:87:4C:78:C7:C1:F8:02:C5:5B:18:8B:31:EF:44:14:35:B0:B8:0C:DE:BF:CA:F3:5F:57:BD:78:D8:2C:99"}}},"request":{"raw":"GET /img/right.png HTTP/1.1\r\nHost: expresartecomunicacion.com.mx\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://expresartecomunicacion.com.mx/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Mon, 22 Sep 2025 19:59:35 GMT\r\naccept-ranges: bytes\r\ncontent-length: 29811\r\ncontent-type: image/png\r\ndate: Fri, 26 Sep 2025 16:38:50 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":29811,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 430 x 140, 8-bit/color RGBA, non-interlaced","md5":"5938135ad60cfc81a8bf7ab7337ecc73","sha1":"bb04b52a4f13253071b7d82642859383997dd0c0","sha256":"d3f1dd4b9c7f966158f10f87984cb0d748cf0d47e9099de1944cd53b445ffd6f","sha512":"21d053eb4cb6e318163d9befdce629f9eaa82fb0d4bd0de3807387d959a7d6dbf720d06d86c8a465a23a41a33ac5c090e4ddb9e1f15b4e7d9120f1db0202a8b2","ssdeep":"384:lKDwHrxlPuXvEU7PkEw9IVMLOAp/hxLmQBB2HeE0c9yUns/SVvjUd9+/gJpAsecL:lKDwLxUXv3QRLOApbLgeGV8SV7Wk/s1L","tlshash":"ecd2d1d2bd540af456b4d6e652e10971cf317e92ec80c6eb338028c9e5461ea3da5bcd","first_seen":"2025-09-26T16:39:14.56368Z","last_seen":"2025-09-26T16:39:14.56368Z","times_seen":1,"resource_available":false,"data":null}},"time_used":560,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":452,"receive":108,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"expresartecomunicacion.com.mx","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"expresartecomunicacion.com.mx","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"expresartecomunicacion.com.mx/img/slogan.png","fqdn":"expresartecomunicacion.com.mx","domain":"expresartecomunicacion.com.mx","tld":"com.mx"},"ip":{"addr":"108.179.194.39","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://expresartecomunicacion.com.mx/","date":"2025-09-26T16:38:50.896Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"expresartecomunicacion.com.mx","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 Aug 2025 10:12:05 GMT","end":"Wed, 26 Nov 2025 10:12:04 GMT"},"fingerprint":{"sha1":"61:EE:8C:41:08:31:49:D5:19:94:B7:B0:7C:FD:63:61:08:09:B2:E8","sha256":"B7:31:87:4C:78:C7:C1:F8:02:C5:5B:18:8B:31:EF:44:14:35:B0:B8:0C:DE:BF:CA:F3:5F:57:BD:78:D8:2C:99"}}},"request":{"raw":"GET /img/slogan.png HTTP/1.1\r\nHost: expresartecomunicacion.com.mx\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://expresartecomunicacion.com.mx/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Mon, 22 Sep 2025 19:59:30 GMT\r\naccept-ranges: bytes\r\ncontent-length: 568638\r\ncontent-type: image/png\r\ndate: Fri, 26 Sep 2025 16:38:50 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":568638,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1598 x 1189, 8-bit/color RGBA, non-interlaced","md5":"b0d8fc7725837363ecd20c636ad56866","sha1":"1f830c0fadcf0bdc324eb628f0f87b8e8534dddd","sha256":"0aefad28bba1b5acfbe2f30cf87dfee08bf1c25ae01ec90899468f8023735f0a","sha512":"653d0d308e05043ae97889fe94f13b375bdc86745e00ac1fa3485f41c9979a27251350b699c9ab20cf03b6cd1c556c4916fd9148357c3f1f5292d49a534c2817","ssdeep":"12288:R6MgMQoNNJHTxcATYnnBZsWmpNWb5t+hqCIy7KpliuzweKpkxqDtQR7:R6MgmNrTx9YnbRgWbWhqCIyGniawej8K","tlshash":"6dc4239bd23a7944cf52983723e657269bb871f3710b863905fce44309a2179bdc588b","first_seen":"2025-09-26T16:39:14.56611Z","last_seen":"2025-09-26T16:39:14.56611Z","times_seen":1,"resource_available":false,"data":null}},"time_used":680,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":454,"receive":226,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"expresartecomunicacion.com.mx","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"expresartecomunicacion.com.mx","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"expresartecomunicacion.com.mx/img/back.png","fqdn":"expresartecomunicacion.com.mx","domain":"expresartecomunicacion.com.mx","tld":"com.mx"},"ip":{"addr":"108.179.194.39","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://expresartecomunicacion.com.mx/","date":"2025-09-26T16:38:51.066Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"expresartecomunicacion.com.mx","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 Aug 2025 10:12:05 GMT","end":"Wed, 26 Nov 2025 10:12:04 GMT"},"fingerprint":{"sha1":"61:EE:8C:41:08:31:49:D5:19:94:B7:B0:7C:FD:63:61:08:09:B2:E8","sha256":"B7:31:87:4C:78:C7:C1:F8:02:C5:5B:18:8B:31:EF:44:14:35:B0:B8:0C:DE:BF:CA:F3:5F:57:BD:78:D8:2C:99"}}},"request":{"raw":"GET /img/back.png HTTP/1.1\r\nHost: expresartecomunicacion.com.mx\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://expresartecomunicacion.com.mx/css/css.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Mon, 22 Sep 2025 19:59:34 GMT\r\naccept-ranges: bytes\r\ncontent-length: 956\r\ncontent-type: image/png\r\ndate: Fri, 26 Sep 2025 16:38:51 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":956,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 6 x 80, 8-bit/color RGBA, non-interlaced","md5":"740bbd4b2e44043636b827b1ae285816","sha1":"95cdd3fcf2371bec3f230ecb5841e0054111c164","sha256":"1a960493e16ac6778d8c08fa216623a13fd185a3122ce1bc3e26b040ca240f82","sha512":"5318127735992528664d3f9768f5a24add1ce1327346d972b8b8b1c18e4ce8b6cb1d03acd09a1cda269475a6514b1f0a77e4b805b0765f08080a8254f9fd7b01","ssdeep":"","tlshash":"8611449af9a0bc01e489998315fb8037dd228ac485c0f4f56ccfdc171d781f9549aacb","first_seen":"2025-09-26T16:39:14.568552Z","last_seen":"2025-09-26T16:39:14.568552Z","times_seen":1,"resource_available":false,"data":null}},"time_used":506,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":505,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"expresartecomunicacion.com.mx","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"expresartecomunicacion.com.mx","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/titilliumweb/v19/NaPDcZTIAOhVxoMyOr9n_E7ffHjDGItzYw.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://expresartecomunicacion.com.mx/","date":"2025-09-26T16:38:51.078Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:36:48 GMT","end":"Mon, 01 Dec 2025 08:36:47 GMT"},"fingerprint":{"sha1":"4A:11:37:B2:B5:3D:85:04:18:76:94:C3:99:EA:8B:77:66:51:DF:D6","sha256":"6C:B3:8A:F8:58:9F:72:87:6E:B0:CF:E0:3F:D9:AB:6D:AE:6E:E0:73:B1:A3:95:3C:30:98:D3:C4:23:73:D4:33"}}},"request":{"raw":"GET /s/titilliumweb/v19/NaPDcZTIAOhVxoMyOr9n_E7ffHjDGItzYw.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://expresartecomunicacion.com.mx\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 11732\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 24 Sep 2025 17:22:47 GMT\r\nexpires: Thu, 24 Sep 2026 17:22:47 GMT\r\ncache-control: public, max-age=31536000\r\nage: 170164\r\nlast-modified: Tue, 09 Sep 2025 18:57:42 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":11732,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 11732, version 1.0","md5":"6a025e37840087fc773a919e805d677c","sha1":"4f716b1a077ece2131283eb0eb033595baa0dd97","sha256":"9e3162d81ed6681322ab34791660f1b45c79945197e7a7dbb217005b2926caf4","sha512":"5820533d57126e6b1ac98e1a719b319a79dc14f6b91d8c01652f4ffdc55119b881ef1346520e98bfe01e5d0b6bfb9f682df80dfa22e1c9ec66d6030a47930111","ssdeep":"192:TGmzw/sd1bnYKK3INB6lG7BCYw1JKWZS218VXv9oe8lBaMPnhT98yFZhPD4Sctg:69/sMrSeU9wjLSDIBtPnhVFjcSOg","tlshash":"b232b0e73d815e2dc5d8fa325057c2c61f31707b4ed5ce6dc888e38629b177496643a1","first_seen":"2025-06-03T23:22:11.175795Z","last_seen":"2026-04-06T10:58:35.656311Z","times_seen":3346,"resource_available":false,"data":null}},"time_used":257,"timings":{"blocked":119,"dns":1,"connect":16,"send":0,"wait":16,"receive":5,"ssl":98},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/titilliumweb/v19/NaPecZTIAOhVxoMyOr9n_E7fdMPmDQ.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://expresartecomunicacion.com.mx/","date":"2025-09-26T16:38:51.081Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:36:48 GMT","end":"Mon, 01 Dec 2025 08:36:47 GMT"},"fingerprint":{"sha1":"4A:11:37:B2:B5:3D:85:04:18:76:94:C3:99:EA:8B:77:66:51:DF:D6","sha256":"6C:B3:8A:F8:58:9F:72:87:6E:B0:CF:E0:3F:D9:AB:6D:AE:6E:E0:73:B1:A3:95:3C:30:98:D3:C4:23:73:D4:33"}}},"request":{"raw":"GET /s/titilliumweb/v19/NaPecZTIAOhVxoMyOr9n_E7fdMPmDQ.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://expresartecomunicacion.com.mx\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 12344\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 24 Sep 2025 17:26:29 GMT\r\nexpires: Thu, 24 Sep 2026 17:26:29 GMT\r\ncache-control: public, max-age=31536000\r\nage: 169942\r\nlast-modified: Tue, 09 Sep 2025 18:58:54 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":12344,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 12344, version 1.0","md5":"cfb5bec034d29df6c0f56c2c1a0e8340","sha1":"05f51cc85c5fe3b64b2203b363cb48c31f84ce44","sha256":"861b80b49d2a634d8746e2e45c672309d9ba69a2fdd95da2af034d7a1d09b3f9","sha512":"885fbe35410197a048133cebc5e21afda24d4a901fa54923627a0c4124fde39300b235cb1cb7f18779882f57b76380cb1b11477e55ce3e66574eb37f334e6edf","ssdeep":"384:YRKdoBN+5RRu4r3Pjt+Iu82luQVE/26qlNR:YrBQ5Rvr3PjA672/lNR","tlshash":"9242c0764667a3fac442683f2edb19fe897e3215cff65234440aeb9a02d834291dc731","first_seen":"2025-06-03T23:22:11.216712Z","last_seen":"2026-04-06T10:58:35.713383Z","times_seen":4143,"resource_available":false,"data":null}},"time_used":172,"timings":{"blocked":85,"dns":0,"connect":0,"send":0,"wait":16,"receive":2,"ssl":69},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"expresartecomunicacion.com.mx/favicon.ico","fqdn":"expresartecomunicacion.com.mx","domain":"expresartecomunicacion.com.mx","tld":"com.mx"},"ip":{"addr":"108.179.194.39","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://expresartecomunicacion.com.mx/","date":"2025-09-26T16:38:51.580Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"expresartecomunicacion.com.mx","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 Aug 2025 10:12:05 GMT","end":"Wed, 26 Nov 2025 10:12:04 GMT"},"fingerprint":{"sha1":"61:EE:8C:41:08:31:49:D5:19:94:B7:B0:7C:FD:63:61:08:09:B2:E8","sha256":"B7:31:87:4C:78:C7:C1:F8:02:C5:5B:18:8B:31:EF:44:14:35:B0:B8:0C:DE:BF:CA:F3:5F:57:BD:78:D8:2C:99"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: expresartecomunicacion.com.mx\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://expresartecomunicacion.com.mx/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nlast-modified: Sat, 01 Oct 2022 09:31:01 GMT\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 4677\r\ncontent-type: text/html\r\ndate: Fri, 26 Sep 2025 16:38:51 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":11816,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (358)","md5":"a8063bd37d3c8fb3176a6bf140558a4d","sha1":"e32cf4b407db3d3773ded13ff64b70fdbad7735f","sha256":"bccb23d41c2cc69cf0c7d22c4314ca8181a513c6999b73e45307792830f4e482","sha512":"82d749f6b17b21587fb345ca196a2aa83eca80ad66ed9c1ab88b36709bed14175d53afefe9acc0dafc4fad78ffb8df155193a6829bc857ad6d68b1c84af7b854","ssdeep":"192:bpvXn2H25Zx48DNYGu6C9tdDOxktft1zQOPtaUrzvHlPuPQXGuV27BHplXtAUU/s:FvX2H25v4CYn6etFTBvhtv4IcpRtlU/s","tlshash":"bd32940bab4c063b1312459a7458639a370fc87fe2661bb474bfc06867d16a649f23dc","first_seen":"2023-04-05T03:58:47Z","last_seen":"2026-04-06T06:15:48.377553Z","times_seen":14390,"resource_available":true,"data":null}},"time_used":116,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":116,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"expresartecomunicacion.com.mx","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"expresartecomunicacion.com.mx","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"expresartecomunicacion.com.mx/css/css.css","fqdn":"expresartecomunicacion.com.mx","domain":"expresartecomunicacion.com.mx","tld":"com.mx"},"ip":{"addr":"108.179.194.39","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://expresartecomunicacion.com.mx/","date":"2025-09-26T16:38:50.895Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"expresartecomunicacion.com.mx","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 Aug 2025 10:12:05 GMT","end":"Wed, 26 Nov 2025 10:12:04 GMT"},"fingerprint":{"sha1":"61:EE:8C:41:08:31:49:D5:19:94:B7:B0:7C:FD:63:61:08:09:B2:E8","sha256":"B7:31:87:4C:78:C7:C1:F8:02:C5:5B:18:8B:31:EF:44:14:35:B0:B8:0C:DE:BF:CA:F3:5F:57:BD:78:D8:2C:99"}}},"request":{"raw":"GET /css/css.css HTTP/1.1\r\nHost: expresartecomunicacion.com.mx\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://expresartecomunicacion.com.mx/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Mon, 22 Sep 2025 19:59:24 GMT\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 522\r\ncontent-type: text/css\r\ndate: Fri, 26 Sep 2025 16:38:50 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":2317,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"57d8e3ca0b0d4dfca77657a712f3193b","sha1":"2c842d4f80a926beeaa85c9f8d563972dcbd9ca3","sha256":"dbd312ca6e19849b25030e399d1945eae27247f28ee4e25faff6993a039652ba","sha512":"fbb111f9dded42da510eca18efa68a611730f6d5bea4ccece959a7274c334bf238f76a6d64c441aff8edf5923af79be1f5f76a2bac7d61544d362ed8acc77476","ssdeep":"","tlshash":"2b41270298a38644f0019d56731fbba92a084c5b60dbd9b97fd24ab4cdc79f907c5b6c","first_seen":"2025-09-26T16:39:14.575134Z","last_seen":"2025-09-26T16:39:14.575134Z","times_seen":1,"resource_available":false,"data":null}},"time_used":114,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":114,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"expresartecomunicacion.com.mx","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"expresartecomunicacion.com.mx","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"expresartecomunicacion.com.mx/img/expresartelogo.png","fqdn":"expresartecomunicacion.com.mx","domain":"expresartecomunicacion.com.mx","tld":"com.mx"},"ip":{"addr":"108.179.194.39","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://expresartecomunicacion.com.mx/","date":"2025-09-26T16:38:50.896Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"expresartecomunicacion.com.mx","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 Aug 2025 10:12:05 GMT","end":"Wed, 26 Nov 2025 10:12:04 GMT"},"fingerprint":{"sha1":"61:EE:8C:41:08:31:49:D5:19:94:B7:B0:7C:FD:63:61:08:09:B2:E8","sha256":"B7:31:87:4C:78:C7:C1:F8:02:C5:5B:18:8B:31:EF:44:14:35:B0:B8:0C:DE:BF:CA:F3:5F:57:BD:78:D8:2C:99"}}},"request":{"raw":"GET /img/expresartelogo.png HTTP/1.1\r\nHost: expresartecomunicacion.com.mx\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://expresartecomunicacion.com.mx/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Mon, 22 Sep 2025 19:59:25 GMT\r\naccept-ranges: bytes\r\ncontent-length: 158311\r\ncontent-type: image/png\r\ndate: Fri, 26 Sep 2025 16:38:50 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":158311,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 626 x 748, 8-bit/color RGBA, non-interlaced","md5":"cf994f1867ddf9c9d9cb250df29ae8a0","sha1":"ee355ac39f5f7158ae2315f693e79f3d1186804a","sha256":"57d3570b824a33ecfd84d2ec8649bf00b267836747c794a4388503fea221fc93","sha512":"432a219e6d9c1fd9c7b50500970614764228923cb9b0f7d840a9017baf238883c3112f00de8b8baeac59292f8e52a02a97529beb02bf94f3ba3827e132f1ab9e","ssdeep":"3072:9Vwjy0eNBv//XMIAl6bP2FDLMwdJOzoWjX9gGfWqHlvmAcN+u:9Vyu/kIeFDYwdJMd9OqHlOAK+u","tlshash":"85f31262fbcacd05a6cd014caacf1de7120b9479da54d23cc5c8dafcd34439dea98689","first_seen":"2025-09-26T16:39:14.578468Z","last_seen":"2025-09-26T16:39:14.578468Z","times_seen":1,"resource_available":false,"data":null}},"time_used":454,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":229,"receive":225,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"expresartecomunicacion.com.mx","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"expresartecomunicacion.com.mx/img/left.png","fqdn":"expresartecomunicacion.com.mx","domain":"expresartecomunicacion.com.mx","tld":"com.mx"},"ip":{"addr":"108.179.194.39","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://expresartecomunicacion.com.mx/","date":"2025-09-26T16:38:50.897Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"expresartecomunicacion.com.mx","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 Aug 2025 10:12:05 GMT","end":"Wed, 26 Nov 2025 10:12:04 GMT"},"fingerprint":{"sha1":"61:EE:8C:41:08:31:49:D5:19:94:B7:B0:7C:FD:63:61:08:09:B2:E8","sha256":"B7:31:87:4C:78:C7:C1:F8:02:C5:5B:18:8B:31:EF:44:14:35:B0:B8:0C:DE:BF:CA:F3:5F:57:BD:78:D8:2C:99"}}},"request":{"raw":"GET /img/left.png HTTP/1.1\r\nHost: expresartecomunicacion.com.mx\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://expresartecomunicacion.com.mx/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Mon, 22 Sep 2025 19:59:33 GMT\r\naccept-ranges: bytes\r\ncontent-length: 18573\r\ncontent-type: image/png\r\ndate: Fri, 26 Sep 2025 16:38:50 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":18573,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 308 x 120, 8-bit/color RGBA, non-interlaced","md5":"58c359f28632d169704e1cc04727b661","sha1":"bc1c64024d703332892569f0a7e6e16f8c1d221c","sha256":"d3048708a016cd9ae6cc37c2891f85432dcedec4d5506284d6c2c593b5b1ac5b","sha512":"07d580c5ff2248ab6a6dc3a87473f1d14e7a22819e7bb6ac1e392489e8ae926db813605f4299eb65e470875ddb93f4251457aa607d8361b343f5f700303732e2","ssdeep":"384:r1E3/BpoaHZcEbqVzjIIFlIGYv7TPNn8XpLfPUo:r1EPPoCmVQIFqzjTPGXpjl","tlshash":"4682d02fbdb75a97720899032fe5a1ea4e67c08095207fbb2c4f89064d1e69d0c416f5","first_seen":"2025-09-26T16:39:14.581121Z","last_seen":"2025-09-26T16:39:14.581121Z","times_seen":1,"resource_available":false,"data":null}},"time_used":228,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":227,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"expresartecomunicacion.com.mx","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"expresartecomunicacion.com.mx","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}