{"report_id":"ce99e372-6d9f-4f58-966f-4110bb5fe5f3","version":0,"status":"done","tags":[],"date":"2026-07-08T12:06:05Z","url":{"schema":"https","addr":"expensestatus.com","fqdn":"expensestatus.com","domain":"expensestatus.com","tld":"com"},"ip":{"addr":"34.194.247.17","port":0,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"expensestatus.com/","fqdn":"expensestatus.com","domain":"expensestatus.com","tld":"com"},"title":"404 - Quick Tip | Cofense","dom":{"size":3359,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"df70fa773443fb3691f74daa4d5c5814","sha1":"471a07357796744d77594cdc1d4a931bf624d142","sha256":"faef1e93f29d8b09499ca7d1d5da79da6e09c4c9cb1cb0e21f3bb23316cf1c89","sha512":"df3493420f0439e32c620cc7670b51342e9405f85b0bf4bc9223363c7b56032860182d441b1f9ca614479bd684c18e0d2275652f9c88a64d2d1fa0c3a702fe7b","ssdeep":"","tlshash":"4861322182f7254ab01390706fe12a166a54c003834bce387b6d76e9df8ad928db338c","dom_hash":"domhashea10f18996289fc953ebbd2dc590024e","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"expensestatus.com","fqdn":"expensestatus.com","domain":"expensestatus.com","tld":"com"},"ip":{"addr":"34.194.247.17","port":0,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"tags":null,"meta":null,"user":{"user_id":"akbkyowd9geqr98"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-08-12T12:06:05Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-08","alert":"Sinkholed","trigger":"expensestatus.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-08","alert":"Sinkholed","trigger":"expensestatus.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"expensestatus.com","ip":{"addr":"52.204.246.179","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"domain_registered":"2017-06-12","domain_rank":0,"first_seen":"2019-07-06T06:22:35Z","last_seen":"2026-05-03T01:44:32.032162Z","alert_count":10,"request_count":5,"received_data":201017,"sent_data":2671,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"cofense.com","ip":{"addr":"67.22.136.24","port":443,"asn":13767,"as":"DATABANK-DFW","country":"Canada","country_code":"CA"},"domain_registered":"2017-10-16","domain_rank":253856,"first_seen":"2018-02-26T17:10:24Z","last_seen":"2026-07-06T04:24:19.141959Z","alert_count":0,"request_count":1,"received_data":55503,"sent_data":535,"comment":"","tags":null,"fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"expensestatus.com/","fqdn":"expensestatus.com","domain":"expensestatus.com","tld":"com"},"ip":{"addr":"52.204.246.179","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"6bd43cf0ae158526c6ab93dc3be79f28","sha1":"15c289e342bd3fdf5b1e95f7abf25a2bc78bf357","sha256":"7a13d5ae0755d86c09084ec300c4a0f1a0a06921f74d9980eba9d966ff17ad38","sha512":"5190eb107c27f5d655eab378cd468228aa031d088f59082f257f41d464a29fbdb23594043afe89a3f9b63ce86d91efad6c2901c816d85196389293a6a5a28521","ssdeep":"","tlshash":"df90040100513554711530d00134c3dd157df075dc4dd335754f57004040405c53c401","size":40,"data":"","first_seen":"2023-03-07T01:02:07Z","last_seen":"2026-07-17T14:42:57.696883Z","times_seen":24273,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"expensestatus.com/","fqdn":"expensestatus.com","domain":"expensestatus.com","tld":"com"},"ip":{"addr":"52.204.246.179","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-07-08T12:05:40.008Z","timestamp":1783512340008,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"expensestatus.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 14 May 2026 14:05:41 GMT","end":"Wed, 12 Aug 2026 14:05:40 GMT"},"fingerprint":{"sha1":"44:BA:0E:76:CD:7F:35:DA:8B:4A:4F:DE:5A:F3:F8:07:48:A8:5D:1A","sha256":"2A:0C:73:E4:0E:0E:3E:EB:D3:5B:C8:53:00:56:43:0F:EC:6A:71:EE:D7:BA:63:50:98:27:68:22:D3:5C:D6:50"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: expensestatus.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 \r\ndate: Wed, 08 Jul 2026 12:05:40 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 3371\r\nx-frame-options: DENY\r\nx-xss-protection: 0\r\nx-content-type-options: nosniff\r\nx-permitted-cross-domain-policies: none\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncache-control: no-store\r\npragma: no-cache\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\nx-request-id: fadf76ae-835c-432c-b22f-923b84423602\r\nx-runtime: 0.001120\r\nstrict-transport-security: max-age=15768000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3371,"size_decoded":3874,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"f057ece37f7c14e4d996739057bdf5f3","sha1":"1801c26774dbb63662774ad8f6ec3136b6d2a902","sha256":"dda76f72291e2d7c70566ba3780514fd608107575da2079c1d29adef8e19a4b0","sha512":"18496fb4c06ba4530f0fecf8b656ffe04cb3bc0b922b28744b1cdb2ce7ab27b1070f23a75de0558d1f12241ed13b4c5841db958fb0c1c529e8cda6e9e4edfefc","ssdeep":"","tlshash":"7c61122182f7254aa01290706fe12a166a15c143d34bce287b5e76eadf8ad818db778c","first_seen":"2023-04-05T10:50:36Z","last_seen":"2026-07-17T14:42:57.694071Z","times_seen":4519,"resource_available":true,"data":null}},"time_used":425,"timings":{"blocked":-1,"dns":38,"connect":94,"send":0,"wait":96,"receive":0,"ssl":196},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-08","alert":"Sinkholed","trigger":"expensestatus.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-08","alert":"Sinkholed","trigger":"expensestatus.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"expensestatus.com/images/www/phishme_spear_phishing_quick_tip_title.png","fqdn":"expensestatus.com","domain":"expensestatus.com","tld":"com"},"ip":{"addr":"52.204.246.179","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://expensestatus.com/","date":"2026-07-08T12:05:40.680Z","timestamp":1783512340680,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"expensestatus.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 14 May 2026 14:05:41 GMT","end":"Wed, 12 Aug 2026 14:05:40 GMT"},"fingerprint":{"sha1":"44:BA:0E:76:CD:7F:35:DA:8B:4A:4F:DE:5A:F3:F8:07:48:A8:5D:1A","sha256":"2A:0C:73:E4:0E:0E:3E:EB:D3:5B:C8:53:00:56:43:0F:EC:6A:71:EE:D7:BA:63:50:98:27:68:22:D3:5C:D6:50"}}},"request":{"raw":"GET /images/www/phishme_spear_phishing_quick_tip_title.png HTTP/1.1\r\nHost: expensestatus.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://expensestatus.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Wed, 08 Jul 2026 12:05:40 GMT\r\ncontent-type: image/png\r\ncontent-length: 88898\r\nlast-modified: Wed, 01 Jul 2026 03:20:56 GMT\r\nstrict-transport-security: max-age=15768000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":88898,"size_decoded":89109,"mime_type":"image/png","magic":"PNG image data, 1600 x 263, 8-bit/color RGBA, non-interlaced","md5":"838b3aa2c0a05d4629cf4e11db18f502","sha1":"df1f498f9ea1a004188a1fde44e6eb059cd485a1","sha256":"8079376a80d57cf462aad98f4d21542871852b4f4edc5fe3db2f2f1839fdc87d","sha512":"64f35f37305e733f1d358ae615b97b540dc655211000025dc106c40bd00047b895d8cbbb256c33ede73ef4d32ade59c7ecfeaadfe233f0becbbd594cfd22c1e0","ssdeep":"1536:koZmTL1BsqNJoOj2g5kp22LKnuKHK5FQrqhXG/m4nAt0kP8C9X0RGq:QLjs8pl5kpCnuHQV/9At98CpcGq","tlshash":"7a93014a6070d961dfc79d318a6a4f9b7eb70631b2ef6510e2f8118f40e1e7c1d26ac5","first_seen":"2023-05-10T14:34:36Z","last_seen":"2026-07-17T14:42:57.695605Z","times_seen":4536,"resource_available":false,"data":null}},"time_used":278,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":94,"receive":184,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-08","alert":"Sinkholed","trigger":"expensestatus.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-08","alert":"Sinkholed","trigger":"expensestatus.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"expensestatus.com/images/www/phishme_spear_phishing_quick_tip.png","fqdn":"expensestatus.com","domain":"expensestatus.com","tld":"com"},"ip":{"addr":"52.204.246.179","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://expensestatus.com/","date":"2026-07-08T12:05:40.682Z","timestamp":1783512340682,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"expensestatus.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 14 May 2026 14:05:41 GMT","end":"Wed, 12 Aug 2026 14:05:40 GMT"},"fingerprint":{"sha1":"44:BA:0E:76:CD:7F:35:DA:8B:4A:4F:DE:5A:F3:F8:07:48:A8:5D:1A","sha256":"2A:0C:73:E4:0E:0E:3E:EB:D3:5B:C8:53:00:56:43:0F:EC:6A:71:EE:D7:BA:63:50:98:27:68:22:D3:5C:D6:50"}}},"request":{"raw":"GET /images/www/phishme_spear_phishing_quick_tip.png HTTP/1.1\r\nHost: expensestatus.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://expensestatus.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Wed, 08 Jul 2026 12:05:40 GMT\r\ncontent-type: image/png\r\ncontent-length: 94817\r\nlast-modified: Wed, 01 Jul 2026 03:20:56 GMT\r\nstrict-transport-security: max-age=15768000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":94817,"size_decoded":95028,"mime_type":"image/png","magic":"PNG image data, 1600 x 816, 8-bit/color RGBA, non-interlaced","md5":"52e71c716b54e62fdb5903d743e6fdb5","sha1":"b958a3205364a0e529f54a5176d1fcf052af94ab","sha256":"e106b2b8a45566462a60cecbe4e8f8c1ffb287e40222b1db28fc46e7da43766d","sha512":"00bab392040b3dce9c5ec323a6db62f69682e96e12dcf83849786b19980cfb87f14cfcfeaab43359da68cc3681429861c7e58ac0ac5fced93a1d04499abd2b50","ssdeep":"1536:06r8C2nUYxozd6KiTfZQ7ocae+fq7eBOUbAvgu3Rfri6m32JVt:0w8dtxozk4o/lfqXvguhDtm3OVt","tlshash":"ad93025a028a8d88ee215e73f9bcb680ff56265bdad343016f88dd5ced487347e52143","first_seen":"2023-05-10T14:34:36Z","last_seen":"2026-07-17T14:42:57.676871Z","times_seen":4536,"resource_available":false,"data":null}},"time_used":368,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":276,"receive":92,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-08","alert":"Sinkholed","trigger":"expensestatus.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-08","alert":"Sinkholed","trigger":"expensestatus.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"expensestatus.com/images/www/reporter.png","fqdn":"expensestatus.com","domain":"expensestatus.com","tld":"com"},"ip":{"addr":"52.204.246.179","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://expensestatus.com/","date":"2026-07-08T12:05:40.684Z","timestamp":1783512340684,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"expensestatus.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 14 May 2026 14:05:41 GMT","end":"Wed, 12 Aug 2026 14:05:40 GMT"},"fingerprint":{"sha1":"44:BA:0E:76:CD:7F:35:DA:8B:4A:4F:DE:5A:F3:F8:07:48:A8:5D:1A","sha256":"2A:0C:73:E4:0E:0E:3E:EB:D3:5B:C8:53:00:56:43:0F:EC:6A:71:EE:D7:BA:63:50:98:27:68:22:D3:5C:D6:50"}}},"request":{"raw":"GET /images/www/reporter.png HTTP/1.1\r\nHost: expensestatus.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://expensestatus.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Wed, 08 Jul 2026 12:05:40 GMT\r\ncontent-type: image/png\r\ncontent-length: 12310\r\nlast-modified: Wed, 01 Jul 2026 03:20:56 GMT\r\nstrict-transport-security: max-age=15768000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":12310,"size_decoded":12521,"mime_type":"image/png","magic":"PNG image data, 280 x 357, 8-bit/color RGBA, non-interlaced","md5":"6d1a6b807cef30298277d86801115ef9","sha1":"d85ffa1e9c7cebeb9d92e3db9baa502bade99de6","sha256":"b66912ec278b45ce43a38e270d8f94f39296787dd3857274002951d7b773761a","sha512":"1e9235dd124e66e394711ef6b087ffa815c941dacc3ae10dbc9da3ddd3acac5637fb89d9916761882fdfdc4434401c6fc77c7b09f77a82a29ba3466b21c3ca5f","ssdeep":"192:a3d6vnT3bBYoUq3HHWk1s6/7aOQ5Z31mbwUHwqAOyQfLU+rsr8YxXeGxeY/KB52D:MUT3bBYov3HHWkxmOMOwUHEQfLQxuGd7","tlshash":"bd42b099467f8202708ba369350d14986dd62684e538afcc9c3ce3171dbf07d63274f5","first_seen":"2023-05-09T00:22:54Z","last_seen":"2026-07-17T14:42:57.678328Z","times_seen":4538,"resource_available":false,"data":null}},"time_used":366,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":366,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-08","alert":"Sinkholed","trigger":"expensestatus.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-08","alert":"Sinkholed","trigger":"expensestatus.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"expensestatus.com/images/www/Cofense_spear_phishing_quick_tip_ground.png","fqdn":"expensestatus.com","domain":"expensestatus.com","tld":"com"},"ip":{"addr":"52.204.246.179","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://expensestatus.com/","date":"2026-07-08T12:05:40.686Z","timestamp":1783512340686,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"expensestatus.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 14 May 2026 14:05:41 GMT","end":"Wed, 12 Aug 2026 14:05:40 GMT"},"fingerprint":{"sha1":"44:BA:0E:76:CD:7F:35:DA:8B:4A:4F:DE:5A:F3:F8:07:48:A8:5D:1A","sha256":"2A:0C:73:E4:0E:0E:3E:EB:D3:5B:C8:53:00:56:43:0F:EC:6A:71:EE:D7:BA:63:50:98:27:68:22:D3:5C:D6:50"}}},"request":{"raw":"GET /images/www/Cofense_spear_phishing_quick_tip_ground.png HTTP/1.1\r\nHost: expensestatus.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://expensestatus.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 \r\ndate: Wed, 08 Jul 2026 12:05:40 GMT\r\ncontent-type: image/png\r\ncontent-length: 0\r\nx-frame-options: DENY\r\nx-xss-protection: 0\r\nx-content-type-options: nosniff\r\nx-permitted-cross-domain-policies: none\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncache-control: no-store\r\npragma: no-cache\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\nx-request-id: 13f69aa6-e2ae-44a0-b6bf-58a065ffc487\r\nx-runtime: 0.001039\r\nstrict-transport-security: max-age=15768000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":485,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-17T19:40:28.979277Z","times_seen":17321985,"resource_available":true,"data":null}},"time_used":365,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":365,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-08","alert":"Sinkholed","trigger":"expensestatus.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-08","alert":"Sinkholed","trigger":"expensestatus.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cofense.com/favicon.ico","fqdn":"cofense.com","domain":"cofense.com","tld":"com"},"ip":{"addr":"67.22.136.24","port":443,"asn":13767,"as":"DATABANK-DFW","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://expensestatus.com/","date":"2026-07-08T12:05:41.330Z","timestamp":1783512341330,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.cofense.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Thu, 28 Aug 2025 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"93:B4:66:8A:F9:67:D4:84:A7:F8:60:F0:30:7E:E1:51:92:AC:9B:5F","sha256":"FA:9D:2B:9C:C0:DC:EB:F0:71:EE:36:9E:04:4E:9F:BC:2F:0D:18:89:36:FD:F4:2C:B1:1A:8B:C9:1E:25:6D:2E"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: cofense.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://expensestatus.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-length: 55215\r\ncontent-type: image/x-icon\r\nlast-modified: Wed, 11 Feb 2026 23:02:44 GMT\r\naccept-ranges: bytes\r\netag: \"1dc9baa87d655af\"\r\nserver: Microsoft-IIS/10.0\r\nstrict-transport-security: max-age=2592000\r\ndate: Wed, 08 Jul 2026 12:05:42 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":55215,"size_decoded":55503,"mime_type":"image/png","magic":"PNG image data, 1024 x 1024, 8-bit/color RGBA, non-interlaced","md5":"d83a3420c7d950b4f73ae012a4ff7f34","sha1":"1b19e186779cdc7cb4c93d0f7c95a1fee0d9e1cc","sha256":"2589baa821baa1dba721315ac6ee27b85a287c7e45b7012433ad6b2a16abed89","sha512":"dcfbdb5940b8386b26551019ea2928ffb9e809f2d1fe97659cc8325314aa71ca1e9144ffd8ede94a68935abfaddeaaeb78e3f3d35d80e456708c03d79ec540e0","ssdeep":"768:ApBA00q2yVHHk6JdImjqUSoJdF5UO9HpCPaZD0LIDcTeH1fUImt7awSpqiGkSt4k:eQOHBfGUSoJ/51ZpA2Dfc6Dmt70qi3uP","tlshash":"da431502cb44217bb1151654bba368d38a615d73b209ce2a0bdbb53f2b07fb4ec75c66","first_seen":"2025-01-10T21:07:14.151699Z","last_seen":"2026-07-17T14:42:57.692743Z","times_seen":4509,"resource_available":false,"data":null}},"time_used":1210,"timings":{"blocked":-1,"dns":13,"connect":131,"send":0,"wait":397,"receive":131,"ssl":537},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}
