GET expodais.com/cdn-cgi/styles/cf.errors.css
104.21.23.143 200 OK 24 kB URL GET expodais.com/cdn-cgi/styles/cf.errors.css
IP 104.21.23.143:80
Requested by http://expodais.com/wp-includes/re/?
File type ASCII text, with very long lines (24050)
Hash 5e8c69a459a691b5d1b9be442332c87d
f24dd1ad7c9080575d92a9a9a2c42620725ef836
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
Analyzer urlquery
Verdict phishing
Alert Phishing - Tycoon Phishing Kit
GET /cdn-cgi/styles/cf.errors.css HTTP/1.1
Host: expodais.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://expodais.com/wp-includes/re/?
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 18 Jun 2025 11:28:10 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 16 Jun 2025 09:00:36 GMT
ETag: W/"684fdd34-5df3"
Server: cloudflare
CF-RAY: 951a711219c056a8-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Wed, 18 Jun 2025 13:28:10 GMT
Cache-Control: max-age=7200, public
Content-Encoding: gzip
GET aadcdn.msauth.net/shared/1.0/content/images/picker_verify_call_c2616792e1950f83fdef6e72dab97293.svg
13.107.246.53 200 OK 2.9 kB URL GET aadcdn.msauth.net/shared/1.0/content/images/picker_verify_call_c2616792e1950f83fdef6e72dab97293.svg
IP 13.107.246.53:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by http://expodais.com/wp-includes/re/?
Certificate Issuer DigiCert Inc
Subject aadcdn.msauth.net
Fingerprint 38:05:DB:30:B5:83:1A:A0:A9:AD:24:B2:62:0F:E7:F6:60:9B:7C:00
Validity Tue, 29 Oct 2024 00:00:00 GMT - Wed, 29 Oct 2025 23:59:59 GMT
File type SVG Scalable Vector Graphics image
Hash fe87496cc7a44412f7893a72099c120a
a0c1458c08a815df63d3cb0406d60be6607ca699
55ce3b0ce5bc71339308107982cd7671f96014256ded0be36dc8062e64c847f1
GET /shared/1.0/content/images/picker_verify_call_c2616792e1950f83fdef6e72dab97293.svg HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://expodais.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 18 Jun 2025 11:28:23 GMT
content-type: image/svg+xml
content-length: 1173
cache-control: public, max-age=31536000
content-encoding: gzip
last-modified: Wed, 24 May 2023 10:11:48 GMT
etag: 0x8DB5C3F4981BE7A
x-ms-request-id: dd1b3aaa-e01e-002d-75b2-db4f88000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250618T112823Z-17cd6bcf6759rpmchC1SVGq1v800000007f000000000fsa2
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
GET logincdn.msauth.net/shared/5/images/picker_verify_email_59759b80e24a89c8cd02.svg
13.107.246.53 200 OK 268 B URL GET logincdn.msauth.net/shared/5/images/picker_verify_email_59759b80e24a89c8cd02.svg
IP 13.107.246.53:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by http://expodais.com/wp-includes/re/?
Certificate Issuer Microsoft Corporation
Subject identitycdn.msauth.net
Fingerprint C5:7D:B9:BE:C9:07:E9:E4:9F:87:EF:27:83:99:2A:06:7C:5B:4E:41
Validity Sun, 25 May 2025 11:28:42 GMT - Fri, 21 Nov 2025 11:28:42 GMT
File type SVG Scalable Vector Graphics image
Hash 59759b80e24a89c8cd029b14700e646d
651b1921c99e143d3c242de3faacfb9ad51dbb53
b02b5df3ecd59d6cd90c60878683477532cbfc24660028657f290bdc7bc774b5
GET /shared/5/images/picker_verify_email_59759b80e24a89c8cd02.svg HTTP/1.1
Host: logincdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://expodais.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 18 Jun 2025 11:28:23 GMT
content-type: image/svg+xml
content-length: 212
cache-control: public, max-age=31536000
content-encoding: gzip
last-modified: Thu, 31 Oct 2024 23:10:34 GMT
etag: "0x8DCFA01392516B3"
x-ms-request-id: 9cd4a7a3-801e-0020-29c3-dfcf4e000000
x-ms-version: 2018-03-28
access-control-expose-headers: Accept-Ranges,Cache-Control,Content-Encoding,Content-Length,Content-Range,Content-Type,Date,ETag,Last-Modified,Server,x-ms-request-id,x-ms-version
access-control-allow-origin: *
x-azure-ref: 20250618T112823Z-17cd6bcf6755xft9hC1SVGwpdw00000004h0000000008106
x-fd-int-roxy-purgeid: 79218156
x-cache: TCP_HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
GET objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250618%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250618T112808Z&X-Amz-Expires=300&X-Amz-Signature=36c4a249a7a0bb3fa20190003059878d73f635882bbd11c81bbd75076e3e7390&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream
185.199.108.133 200 OK 10 kB URL GET objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250618%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250618T112808Z&X-Amz-Expires=300&X-Amz-Signature=36c4a249a7a0bb3fa20190003059878d73f635882bbd11c81bbd75076e3e7390&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream
IP 185.199.108.133:443
Requested by http://expodais.com/wp-includes/re/?
Certificate Issuer Sectigo Limited
Subject *.github.io
Fingerprint 8C:FF:59:E5:8E:C4:FA:76:FE:AF:2D:C5:C0:D4:13:6A:77:2D:F9:91
Validity Fri, 07 Mar 2025 00:00:00 GMT - Sat, 07 Mar 2026 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (10017)
Hash 6c20a2be8ba900bc0a7118893a2b1072
ff7766fde1f33882c6e1c481ceed6f6588ea764c
b1c42acd0288c435e95e00332476781532ed002cac6f3dcee9110ced30b31500
GET /github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250618%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250618T112808Z&X-Amz-Expires=300&X-Amz-Signature=36c4a249a7a0bb3fa20190003059878d73f635882bbd11c81bbd75076e3e7390&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream HTTP/1.1
Host: objects.githubusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://expodais.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/octet-stream
last-modified: Tue, 07 Dec 2021 16:38:45 GMT
etag: "0x8D9B9A009499A1E"
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: d91f6eaf-e01e-0032-2f18-13e122000000
x-ms-version: 2023-11-03
x-ms-creation-time: Tue, 17 Aug 2021 14:57:31 GMT
x-ms-blob-content-md5: bCCivoupALwKcRiJOisQcg==
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
content-disposition: attachment; filename=randexp.min.js
x-ms-server-encrypted: true
via: 1.1 varnish, 1.1 varnish
fastly-restarts: 1
accept-ranges: bytes
age: 3997
date: Wed, 18 Jun 2025 11:28:24 GMT
x-served-by: cache-iad-kiad7000045-IAD, cache-hel1410030-HEL
x-cache: HIT, HIT
x-cache-hits: 23045, 0
x-timer: S1750246104.618456,VS0,VE1
content-length: 10245
X-Firefox-Spdy: h2
POST csp.secureserver.net/eventbus/web?clientid=b18ef4f046435b64a469b32c3c1c20a3
23.44.47.70 202 Accepted 2 B URL POST csp.secureserver.net/eventbus/web?clientid=b18ef4f046435b64a469b32c3c1c20a3
IP 23.44.47.70:443
Requested by http://expodais.com/wp-includes/re/?
Certificate Issuer Starfield Technologies, Inc.
Subject *.secureserver.net
Fingerprint 9E:F1:77:43:E4:A5:B6:5E:5D:E5:25:DE:91:28:DA:E3:BA:87:B6:A2
Validity Thu, 17 Oct 2024 16:32:45 GMT - Tue, 18 Nov 2025 16:32:45 GMT
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Analyzer urlquery
Verdict phishing
Alert Phishing - Microsoft
POST /eventbus/web?clientid=b18ef4f046435b64a469b32c3c1c20a3 HTTP/1.1
Host: csp.secureserver.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1110
Origin: http://expodais.com
DNT: 1
Connection: keep-alive
Referer: http://expodais.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 202 Accepted
Content-Type: application/json
Content-Length: 2
Access-Control-Allow-Origin: *
x-bus-trace-id: 92513762294397380765659576266934007544
x-envoy-upstream-service-time: 118
Expires: Wed, 18 Jun 2025 11:28:25 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 18 Jun 2025 11:28:25 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=86400 ; includeSubDomains ; preload
GET expodais.com/cdn-cgi/images/icon-exclamation.png?1376755637
104.21.23.143 200 OK 452 B URL GET expodais.com/cdn-cgi/images/icon-exclamation.png?1376755637
IP 104.21.23.143:80
Requested by http://expodais.com/wp-includes/re/?
File type PNG image data, 54 x 54, 8-bit colormap, non-interlaced
Hash c33de66281e933259772399d10a6afe8
b9f9d500f8814381451011d4dcf59cd2d90ad94f
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
Analyzer urlquery
Verdict phishing
Alert Phishing - Tycoon Phishing Kit
GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1
Host: expodais.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://expodais.com/cdn-cgi/styles/cf.errors.css
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 18 Jun 2025 11:28:10 GMT
Content-Type: image/png
Content-Length: 452
Connection: keep-alive
Last-Modified: Mon, 16 Jun 2025 09:00:36 GMT
ETag: "684fdd34-1c4"
Server: cloudflare
CF-RAY: 951a71127a2a56a8-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Wed, 18 Jun 2025 13:28:10 GMT
Cache-Control: max-age=7200, public
Accept-Ranges: bytes
GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
104.17.25.14 200 OK 48 kB URL GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP 104.17.25.14:443
Requested by http://expodais.com/wp-includes/re/?
Certificate Issuer Google Trust Services
Subject cdnjs.cloudflare.com
Fingerprint 4B:06:E9:E2:47:47:F5:3C:33:58:F8:2A:95:70:22:5E:23:19:03:77
Validity Thu, 22 May 2025 14:38:44 GMT - Wed, 20 Aug 2025 15:38:38 GMT
File type JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Hash 2ca03ad87885ab983541092b87adb299
1a17f60bf776a8c468a185c1e8e985c41a50dc27
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://expodais.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 18 Jun 2025 11:28:22 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
cf-ray: 951a715b1b5756aa-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 827634
expires: Mon, 08 Jun 2026 11:28:22 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C%2BGg5Jr80mTzHrLctsYNkjkZIN1HPDSVIRUxhTijWs1eG1I%2B4hRTAIeT2OvhA9ZqF1et%2FqCXrG2bgYV0YuQj4mlCfIjVWj80ixhK0pQXNTDT0ohkx64O6FM0obbDk4SkWUReGyQM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET aadcdn.msauth.net/shared/1.0/content/images/close_790189870c9543725dc3f5a15fb25e46.svg
13.107.246.53 200 OK 270 B URL GET aadcdn.msauth.net/shared/1.0/content/images/close_790189870c9543725dc3f5a15fb25e46.svg
IP 13.107.246.53:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by http://expodais.com/wp-includes/re/?
Certificate Issuer DigiCert Inc
Subject aadcdn.msauth.net
Fingerprint 38:05:DB:30:B5:83:1A:A0:A9:AD:24:B2:62:0F:E7:F6:60:9B:7C:00
Validity Tue, 29 Oct 2024 00:00:00 GMT - Wed, 29 Oct 2025 23:59:59 GMT
File type SVG Scalable Vector Graphics image
Hash 40eb39126300b56bf66c20ee75b54093
83678d94097257eb474713dec49e8094f49d2e2a
765709425a5b9209e875dccf2217d3161429d2d48159fc1df7b253b77c1574f4
GET /shared/1.0/content/images/close_790189870c9543725dc3f5a15fb25e46.svg HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://expodais.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 18 Jun 2025 11:28:23 GMT
content-type: image/svg+xml
content-length: 190
cache-control: public, max-age=31536000
content-encoding: gzip
last-modified: Wed, 24 May 2023 10:11:46 GMT
etag: 0x8DB5C3F4823AA6E
x-ms-request-id: c86c5535-d01e-0035-6177-dbaf42000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250618T112823Z-17cd6bcf6759rpmchC1SVGq1v800000007f000000000fsa0
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
GET aadcdn.msauth.net/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg
13.107.246.53 200 OK 3.7 kB URL GET aadcdn.msauth.net/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg
IP 13.107.246.53:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by http://expodais.com/wp-includes/re/?
Certificate Issuer DigiCert Inc
Subject aadcdn.msauth.net
Fingerprint 38:05:DB:30:B5:83:1A:A0:A9:AD:24:B2:62:0F:E7:F6:60:9B:7C:00
Validity Tue, 29 Oct 2024 00:00:00 GMT - Wed, 29 Oct 2025 23:59:59 GMT
File type SVG Scalable Vector Graphics image
Hash ee5c8d9fb6248c938fd0dc19370e90bd
d01a22720918b781338b5bbf9202b241a5f99ee4
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://expodais.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 18 Jun 2025 11:28:24 GMT
content-type: image/svg+xml
content-length: 1435
cache-control: public, max-age=31536000
content-encoding: gzip
last-modified: Wed, 24 May 2023 10:11:48 GMT
etag: 0x8DB5C3F4911527F
x-ms-request-id: f8f36af5-801e-0075-6f17-dea87a000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250618T112824Z-17cd6bcf6759rpmchC1SVGq1v800000007f000000000fse1
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
GET expodais.com/cdn-cgi/phish-bypass?atok=e9MGWWvbK4iA4sLwQBqeuV9Fhquvy.rj5lSu1tCl9rs-1750246090-0.0.1.1-%2Fwp-includes%2Fre%2F%3F
104.21.23.143 301 Moved Permanently 423 kB URL User Request GET expodais.com/cdn-cgi/phish-bypass?atok=e9MGWWvbK4iA4sLwQBqeuV9Fhquvy.rj5lSu1tCl9rs-1750246090-0.0.1.1-%2Fwp-includes%2Fre%2F%3F
IP 104.21.23.143:80
Size 423 kB (422933 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer urlquery
Verdict phishing
Alert Phishing - Tycoon Phishing Kit
GET /cdn-cgi/phish-bypass?atok=e9MGWWvbK4iA4sLwQBqeuV9Fhquvy.rj5lSu1tCl9rs-1750246090-0.0.1.1-%2Fwp-includes%2Fre%2F%3F HTTP/1.1
Host: expodais.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://expodais.com/wp-includes/re/?
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Date: Wed, 18 Jun 2025 11:28:21 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Set-Cookie: __cf_mw_byp=e9MGWWvbK4iA4sLwQBqeuV9Fhquvy.rj5lSu1tCl9rs-1750246090-0.0.1.1-/wp-includes/re/?; Domain=expodais.com; Path=/; Max-Age=240
Cache-Control: private, no-cache
Location: http://expodais.com/wp-includes/re/?
Server: cloudflare
CF-RAY: 951a715798d056a8-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
GET github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js
140.82.121.3 302 Found 10 kB URL GET github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js
IP 140.82.121.3:443
Requested by http://expodais.com/wp-includes/re/?
Certificate Issuer Sectigo Limited
Subject github.com
Fingerprint E4:33:71:DD:D6:91:4A:75:B6:1F:9E:4F:74:6D:9B:F0:DD:26:FC:3A
Validity Wed, 05 Feb 2025 00:00:00 GMT - Thu, 05 Feb 2026 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /fent/randexp.js/releases/download/v0.4.3/randexp.min.js HTTP/1.1
Host: github.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://expodais.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Wed, 18 Jun 2025 11:28:08 GMT
content-type: text/html; charset=utf-8
content-length: 0
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, X-Requested-With,Accept-Encoding, Accept, X-Requested-With
location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250618%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250618T112808Z&X-Amz-Expires=300&X-Amz-Signature=36c4a249a7a0bb3fa20190003059878d73f635882bbd11c81bbd75076e3e7390&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; 
font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com release-assets.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/
server: github.com
x-github-request-id: A962:14F0E7:5126588:53576CA:6852A2D6
X-Firefox-Spdy: h2
GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
104.17.25.14 200 OK 48 kB URL GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP 104.17.25.14:443
Requested by http://expodais.com/wp-includes/re/?
Certificate Issuer Google Trust Services
Subject cdnjs.cloudflare.com
Fingerprint 4B:06:E9:E2:47:47:F5:3C:33:58:F8:2A:95:70:22:5E:23:19:03:77
Validity Thu, 22 May 2025 14:38:44 GMT - Wed, 20 Aug 2025 15:38:38 GMT
File type JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Hash 2ca03ad87885ab983541092b87adb299
1a17f60bf776a8c468a185c1e8e985c41a50dc27
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://expodais.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 18 Jun 2025 11:28:24 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
cf-ray: 951a7167bb540b65-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 827636
expires: Mon, 08 Jun 2026 11:28:24 GMT
accept-ranges: bytes
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I1jldhcjKWzmg%2B6uthCgTYoIp8tsNDUuqGVNE01SB3IgtwfSSZClVqp%2B8l1SyBYOJ8BAJ97AuFNg5OuZk%2FONFwMD4a1jrIjk5kXuCUSwV9lYpL27X7nz8TxM6eUqY3Ds%2FBgeduUr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET expodais.com/favicon.ico
104.21.23.143 200 OK 0 B
IP 104.21.23.143:80
Requested by http://expodais.com/wp-includes/re/?
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer urlquery
Verdict phishing
Alert Phishing - Tycoon Phishing Kit
GET /favicon.ico HTTP/1.1
Host: expodais.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://expodais.com/wp-includes/re/?
Cookie: __cf_mw_byp=e9MGWWvbK4iA4sLwQBqeuV9Fhquvy.rj5lSu1tCl9rs-1750246090-0.0.1.1-/wp-includes/re/?
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 18 Jun 2025 11:28:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.2.28
last-modified: Wed, 18 Jun 2025 10:51:39 GMT
Vary: Accept-Encoding
Age: 2204
Cache-Control: max-age=14400
cf-cache-status: HIT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uPjbwDEUD%2B7%2BybS4k77Sss52LypsTfeFyBEauu9RccTzA8MCGhlpAVX4KKKWAXv0Yf5Gff0G0PnjHW1Fd%2Fuk2EotcAgPGBSKVK5jzI7D1kY51qi1JSqrrbhJWuQ58hU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 951a7169690e56a8-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=948&min_rtt=365&rtt_var=653&sent=419&recv=159&lost=0&retrans=0&sent_bytes=335331&recv_bytes=3152&delivery_rate=40598130&cwnd=257&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
GET expodais.com/favicon.ico
104.21.23.143 200 OK 0 B
IP 104.21.23.143:80
Requested by http://expodais.com/wp-includes/re/?
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer urlquery
Verdict phishing
Alert Phishing - Tycoon Phishing Kit
GET /favicon.ico HTTP/1.1
Host: expodais.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://expodais.com/wp-includes/re/?
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 18 Jun 2025 11:28:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.2.28
last-modified: Wed, 18 Jun 2025 10:51:39 GMT
Vary: Accept-Encoding
Age: 2191
Cache-Control: max-age=14400
cf-cache-status: HIT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pFdQ%2FShmFu%2FXlCvm13lmOaIurINpCjdPtry%2FVjmoH4ogzoPJ2g%2B7ZfTPTdihW8vdceCY%2BzXj%2FeBHr%2BNfB4r%2BY%2B1OKje9FEJQ3n1iAP6GkL0PSPumqfccRZZFwvW2p1Q%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 951a7112dace56a8-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=510&min_rtt=391&rtt_var=93&sent=11&recv=16&lost=0&retrans=0&sent_bytes=8327&recv_bytes=1565&delivery_rate=11547049&cwnd=257&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
GET aadcdn.msauth.net/shared/1.0/content/images/arrow_left_43280e0ba671a1d8b5e34f1931c4fe4b.svg
13.107.246.53 200 OK 513 B URL GET aadcdn.msauth.net/shared/1.0/content/images/arrow_left_43280e0ba671a1d8b5e34f1931c4fe4b.svg
IP 13.107.246.53:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by http://expodais.com/wp-includes/re/?
Certificate Issuer DigiCert Inc
Subject aadcdn.msauth.net
Fingerprint 38:05:DB:30:B5:83:1A:A0:A9:AD:24:B2:62:0F:E7:F6:60:9B:7C:00
Validity Tue, 29 Oct 2024 00:00:00 GMT - Wed, 29 Oct 2025 23:59:59 GMT
File type SVG Scalable Vector Graphics image
Hash a9cc2824ef3517b6c4160dcf8ff7d410
8db9aebad84ca6e4225bfdd2458ff3821cc4f064
34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58
GET /shared/1.0/content/images/arrow_left_43280e0ba671a1d8b5e34f1931c4fe4b.svg HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://expodais.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 18 Jun 2025 11:28:23 GMT
content-type: image/svg+xml
content-length: 276
cache-control: public, max-age=31536000
content-encoding: gzip
last-modified: Wed, 24 May 2023 10:11:45 GMT
etag: 0x8DB5C3F47A00633
x-ms-request-id: 6ec0355b-d01e-0068-2317-dea5c6000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250618T112823Z-17cd6bcf6759rpmchC1SVGq1v800000007f000000000fsa4
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
GET code.jquery.com/jquery-3.6.0.min.js
151.101.130.137 200 OK 90 kB URL GET code.jquery.com/jquery-3.6.0.min.js
IP 151.101.130.137:443
Requested by http://expodais.com/wp-includes/re/?
Certificate Issuer Sectigo Limited
Subject *.jquery.com
Fingerprint CD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5
Validity Tue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65447)
Hash 8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://expodais.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 18 Jun 2025 11:28:23 GMT
age: 1975103
x-served-by: cache-lga21931-LGA, cache-hel1410031-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 821582
x-timer: S1750246103.401531,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2
GET aadcdn.msauth.net/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg
13.107.246.53 200 OK 1.6 kB URL GET aadcdn.msauth.net/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg
IP 13.107.246.53:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by http://expodais.com/wp-includes/re/?
Certificate Issuer DigiCert Inc
Subject aadcdn.msauth.net
Fingerprint 38:05:DB:30:B5:83:1A:A0:A9:AD:24:B2:62:0F:E7:F6:60:9B:7C:00
Validity Tue, 29 Oct 2024 00:00:00 GMT - Wed, 29 Oct 2025 23:59:59 GMT
File type SVG Scalable Vector Graphics image
Hash 4e48046ce74f4b89d45037c90576bfac
4a41b3b51ed787f7b33294202da72220c7cd2c32
8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93
GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://expodais.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 18 Jun 2025 11:28:23 GMT
content-type: image/svg+xml
content-length: 621
cache-control: public, max-age=31536000
content-encoding: gzip
last-modified: Wed, 24 May 2023 10:11:49 GMT
etag: 0x8DB5C3F49ED96E0
x-ms-request-id: 4fd1493d-701e-0003-7976-db2232000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250618T112823Z-17cd6bcf6759rpmchC1SVGq1v800000007f000000000fsa3
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
POST csp.secureserver.net/eventbus/web?clientid=8da2217409854bee82e12dc4ca0b39fb
23.44.47.70 202 Accepted 2 B URL POST csp.secureserver.net/eventbus/web?clientid=8da2217409854bee82e12dc4ca0b39fb
IP 23.44.47.70:443
Requested by http://expodais.com/wp-includes/re/?
Certificate Issuer Starfield Technologies, Inc.
Subject *.secureserver.net
Fingerprint 9E:F1:77:43:E4:A5:B6:5E:5D:E5:25:DE:91:28:DA:E3:BA:87:B6:A2
Validity Thu, 17 Oct 2024 16:32:45 GMT - Tue, 18 Nov 2025 16:32:45 GMT
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
POST /eventbus/web?clientid=8da2217409854bee82e12dc4ca0b39fb HTTP/1.1
Host: csp.secureserver.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1845
Origin: http://expodais.com
DNT: 1
Connection: keep-alive
Referer: http://expodais.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 202 Accepted
Content-Type: application/json
Content-Length: 2
Access-Control-Allow-Origin: *
x-bus-trace-id: 314658478757326641351329727303597425957
x-envoy-upstream-service-time: 117
Expires: Wed, 18 Jun 2025 11:28:25 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 18 Jun 2025 11:28:25 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=86400 ; includeSubDomains ; preload
GET expodais.com/wp-includes/re/?
172.67.211.165 403 Forbidden 5.0 kB URL User Request GET expodais.com/wp-includes/re/?
IP 172.67.211.165:443
Certificate Issuer Google Trust Services
Subject expodais.com
Fingerprint 80:45:BD:61:B7:D6:36:41:2F:B5:BF:8D:BC:84:62:69:18:3E:0B:85
Validity Mon, 12 May 2025 00:24:24 GMT - Sun, 10 Aug 2025 01:22:56 GMT
File type HTML document, ASCII text, with very long lines (396)
Hash 2763e5053ccd921086a5039d601f2528
cfe671d36bb66c000c6eee38994871c9bff94e5f
db6a52fc5da04d72babb3a193889d337d671bbcde8bf03c4643f753566135c83
Analyzer Verdict Alert urlquery suspicious Suspicious - Anti-debugging code
urlquery phishing Phishing - Tycoon Phishing Kit
GET /wp-includes/re/? HTTP/1.1
Host: expodais.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 403 Forbidden
date: Wed, 18 Jun 2025 11:28:09 GMT
content-type: text/html; charset=utf-8
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=BVmZ3D0czE56QYKHw1IglcaIMuvqcXbh%2Bjz%2Fc75hjrw0lC8G2SQxiFqFywHYXwJ%2FG5fx1QTnBXHGQBm7gRoxvVVfD73ViJVmuNk%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-encoding: br
server: cloudflare
cf-ray: 951a710ddb7ab518-OSL
X-Firefox-Spdy: h2
GET expodais.com/wp-includes/re/?
104.21.23.143 403 Forbidden 4.6 kB URL User Request GET expodais.com/wp-includes/re/?
IP 104.21.23.143:80
File type HTML document, ASCII text, with very long lines (394)
Hash 73d524908dde837f21d32b497df44827
33495b3516698d561ae40757dcf9001a12d88089
111dcb6a814dd3856d7523dc36006927de2a3a971637ff35f962ace757100ea8
Analyzer Verdict Alert urlquery suspicious Suspicious - Anti-debugging code
urlquery phishing Phishing - Tycoon Phishing Kit
GET /wp-includes/re/? HTTP/1.1
Host: expodais.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Wed, 18 Jun 2025 11:28:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KPnLPMCiXv0xdAqmPjRF9RY2iW6dPvyUH7dfpd792%2FiCuOImumzb4dQDPxQR4FaMIgAwK8drcUTXxLlptjR89jihHCoEE2SSOYWbueFVI7NWxb%2FVgGhX5CiHLjNLVNY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 951a71101f1e56a8-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
GET expodais.com/wp-includes/re/?
104.21.23.143 200 OK 423 kB URL User Request GET expodais.com/wp-includes/re/?
IP 104.21.23.143:80
File type HTML document, ASCII text, with very long lines (62758)
Size 423 kB (422933 bytes)
Hash 6b4b104b407cd70f31e46ba308e9d4ef
e5fbf8ceab039507421e91f4c2366dd8881b830f
04ace957644a16a374f3465ecc9187e47652ab88beabbae2295908dd9005545a
Analyzer Verdict Alert urlquery suspicious Suspicious - Anti-debugging code
urlquery phishing Phishing - Tycoon Phishing Kit
GET /wp-includes/re/? HTTP/1.1
Host: expodais.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://expodais.com/wp-includes/re/?
DNT: 1
Connection: keep-alive
Cookie: __cf_mw_byp=e9MGWWvbK4iA4sLwQBqeuV9Fhquvy.rj5lSu1tCl9rs-1750246090-0.0.1.1-/wp-includes/re/?
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 18 Jun 2025 11:28:22 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
cf-cache-status: DYNAMIC
Last-Modified: Thu, 12 Jun 2025 03:00:32 GMT
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NlzVcwu9iV%2BgPF1Tlts1HgPJWUW0oL7QltQ%2FI4IPyR1MW5fcEyL3TLr2IaHxaV94yQPpnGmjwIOAbAf5%2FmXNldkd5fR1nA9RmaD7zTWAjuKHB6olwq6kuROLPoCUsOA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 951a7157b8ff56a8-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=510&min_rtt=391&rtt_var=57&sent=16&recv=22&lost=0&retrans=0&sent_bytes=9954&recv_bytes=2685&delivery_rate=11547049&cwnd=257&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
GET aadcdn.msauth.net/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg
13.107.246.53 200 OK 1.9 kB URL GET aadcdn.msauth.net/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg
IP 13.107.246.53:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by http://expodais.com/wp-includes/re/?
Certificate Issuer DigiCert Inc
Subject aadcdn.msauth.net
Fingerprint 38:05:DB:30:B5:83:1A:A0:A9:AD:24:B2:62:0F:E7:F6:60:9B:7C:00
Validity Tue, 29 Oct 2024 00:00:00 GMT - Wed, 29 Oct 2025 23:59:59 GMT
File type SVG Scalable Vector Graphics image
Hash bc3d32a696895f78c19df6c717586a5d
9191cb156a30a3ed79c44c0a16c95159e8ff689d
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://expodais.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 18 Jun 2025 11:28:24 GMT
content-type: image/svg+xml
content-length: 673
cache-control: public, max-age=31536000
content-encoding: gzip
last-modified: Wed, 24 May 2023 10:11:46 GMT
etag: 0x8DB5C3F47E260FD
x-ms-request-id: 79f34be4-401e-0079-4617-de00df000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250618T112824Z-17cd6bcf6759rpmchC1SVGq1v800000007f000000000fsdy
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
GET img1.wsimg.com/traffic-assets/js/tccl.min.js
95.101.10.129 301 Moved Permanently 102 kB URL GET img1.wsimg.com/traffic-assets/js/tccl.min.js
IP 95.101.10.129:443
ASN #20940 Akamai International B.V.
Requested by http://expodais.com/wp-includes/re/?
Certificate Issuer Starfield Technologies, Inc.
Subject *.wsimg.com
Fingerprint EA:61:02:4F:B7:92:44:AD:09:4C:03:D9:59:C6:B7:3B:E5:1E:ED:F3
Validity Thu, 19 Sep 2024 21:02:42 GMT - Tue, 21 Oct 2025 21:02:42 GMT
Size 102 kB (102055 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /traffic-assets/js/tccl.min.js HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://expodais.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
content-length: 0
location: https://img1.wsimg.com/signals/js/clients/scc-c2/scc-c2.min.js
cache-control: max-age=31536000
expires: Thu, 18 Jun 2026 11:28:22 GMT
date: Wed, 18 Jun 2025 11:28:22 GMT
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2
GET img1.wsimg.com/signals/js/clients/scc-c2/scc-c2.min.js
95.101.10.129 200 OK 102 kB URL GET img1.wsimg.com/signals/js/clients/scc-c2/scc-c2.min.js
IP 95.101.10.129:443
ASN #20940 Akamai International B.V.
Requested by http://expodais.com/wp-includes/re/?
Certificate Issuer Starfield Technologies, Inc.
Subject *.wsimg.com
Fingerprint EA:61:02:4F:B7:92:44:AD:09:4C:03:D9:59:C6:B7:3B:E5:1E:ED:F3
Validity Thu, 19 Sep 2024 21:02:42 GMT - Tue, 21 Oct 2025 21:02:42 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size 102 kB (102055 bytes)
Hash 32285108dd7cc5067d47178e545b477a
11c3afc54f62ba41848613bc3315910693861f5d
e4ab9aed84df1f44f4d082224fddb3580386e5a1457ca8c6354d6e41909f7249
GET /signals/js/clients/scc-c2/scc-c2.min.js HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://expodais.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
x-amz-id-2: S5LfWCJv+Zb9LmQXwBbivXn16aW+yJAPRJ4lgOUuJm3ncTeR2K1BiQOyCtZ+AxzyIM1fVJLsGbM=
x-amz-request-id: YQXK4D08RSQXMJZV
last-modified: Wed, 28 May 2025 12:01:00 GMT
etag: "32285108dd7cc5067d47178e545b477a"
x-amz-server-side-encryption: AES256
x-amz-meta-version: 1.2.2
x-amz-version-id: ckqi.HRi8XGcR6C.REKE37pO445klfRs
accept-ranges: bytes
content-type: text/javascript
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=1800
expires: Wed, 18 Jun 2025 11:58:22 GMT
date: Wed, 18 Jun 2025 11:28:22 GMT
content-length: 20319
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2
GET aadcdn.msauth.net/shared/1.0/content/images/picker_verify_fluent_authenticator_59892f1e05e3adf9fd2f71b42d92a27f.svg
13.107.246.53 200 OK 7.4 kB URL GET aadcdn.msauth.net/shared/1.0/content/images/picker_verify_fluent_authenticator_59892f1e05e3adf9fd2f71b42d92a27f.svg
IP 13.107.246.53:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by http://expodais.com/wp-includes/re/?
Certificate Issuer DigiCert Inc
Subject aadcdn.msauth.net
Fingerprint 38:05:DB:30:B5:83:1A:A0:A9:AD:24:B2:62:0F:E7:F6:60:9B:7C:00
Validity Tue, 29 Oct 2024 00:00:00 GMT - Wed, 29 Oct 2025 23:59:59 GMT
File type SVG Scalable Vector Graphics image
Hash b59c16ca9bf156438a8a96d45e33db64
4e51b7d3477414b220f688adabd76d3ae6472ee3
a7ee799dd5b6f6dbb70b043b766362a6724e71458f9839306c995f06b218c2f8
GET /shared/1.0/content/images/picker_verify_fluent_authenticator_59892f1e05e3adf9fd2f71b42d92a27f.svg HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://expodais.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 18 Jun 2025 11:28:23 GMT
content-type: image/svg+xml
content-length: 2407
cache-control: public, max-age=31536000
content-encoding: gzip
last-modified: Wed, 24 May 2023 10:11:49 GMT
etag: 0x8DB5C3F499A9B99
x-ms-request-id: 25041f25-a01e-0008-55b2-dbaee6000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250618T112823Z-17cd6bcf6759rpmchC1SVGq1v800000007f000000000fs9z
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
X-Firefox-Spdy: h2