sxoexpandedgets.z13.web.core.windows.net Open in urlscan Pro
57.150.27.164 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://sxoexpandedgets.z13.web.core.windows.net/
Submission: On November 26 via api (November 26th 2024, 4:07:36 am UTC) from JP — Scanned from JP

Summary HTTP 141 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 9 IPs in 4 countries across 8 domains to perform 141 HTTP transactions. The main IP is 57.150.27.164, located in Washington, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is sxoexpandedgets.z13.web.core.windows.net.
TLS certificate: Issued by Microsoft Azure RSA TLS Issuing CA 07 on October 27th 2024. Valid for: 6 months.

This is the only time sxoexpandedgets.z13.web.core.windows.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Tech Support Scam (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
35	57.150.27.164 57.150.27.164	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	45.133.44.25 45.133.44.25	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS DataWeb Global Group B.V.)
89	45.133.44.24 45.133.44.24	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS DataWeb Global Group B.V.)
4	178.63.5.120 178.63.5.120	24940 (HETZNER-A...) (HETZNER-AS Hetzner Online GmbH)
2 9	2a02:6b8::1:119 2a02:6b8::1:119	13238 (YANDEX YA...) (YANDEX YANDEX LLC)
1	103.126.138.87 103.126.138.87	40676 (AS40676) (AS40676)
1	65.9.37.32 65.9.37.32	16509 (AMAZON-02) (AMAZON-02)
1	3.231.96.150 3.231.96.150	14618 (AMAZON-AES) (AMAZON-AES)
141	9

35 57.150.27.164 (Washington, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

sxoexpandedgets.z13.web.core.windows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 45.133.44.25 (Philadelphia, United States)

ASN39572 (ADVANCEDHOSTERS-AS DataWeb Global Group B.V., NL)

imdn.pics	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

89 45.133.44.24 (Philadelphia, United States)

ASN39572 (ADVANCEDHOSTERS-AS DataWeb Global Group B.V., NL)

tn.vjav.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 178.63.5.120 (Germany)

ASN24940 (HETZNER-AS Hetzner Online GmbH, DE)
PTR: static.120.5.63.178.clients.your-server.de

poloptrex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a02:6b8::1:119 (Moscow, Russian Federation) 2 redirects

ASN13238 (YANDEX YANDEX LLC, RU)

mc.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 103.126.138.87 (Singapore, Singapore)

ASN40676 (AS40676, US)
PTR: unassigned.psychz.net

ipwho.is	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.37.32 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-37-32.nrt12.r.cloudfront.net

d2fuc4clr7gvcn.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.231.96.150 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-231-96-150.compute-1.amazonaws.com

track.gaug.es	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
89	vjav.com vjav.com Failed tn.vjav.com — Cisco Umbrella Rank: 338348	2 MB
35	windows.net sxoexpandedgets.z13.web.core.windows.net	1 MB
9	yandex.ru 2 redirects mc.yandex.ru — Cisco Umbrella Rank: 4577	144 KB
4	poloptrex.com poloptrex.com — Cisco Umbrella Rank: 86777
2	imdn.pics imdn.pics — Cisco Umbrella Rank: 181716	2 KB
1	gaug.es track.gaug.es — Cisco Umbrella Rank: 278607	389 B
1	cloudfront.net d2fuc4clr7gvcn.cloudfront.net	2 KB
1	ipwho.is ipwho.is — Cisco Umbrella Rank: 58100	940 B
141	8

	Domain	Requested by
89	tn.vjav.com	sxoexpandedgets.z13.web.core.windows.net
35	sxoexpandedgets.z13.web.core.windows.net	sxoexpandedgets.z13.web.core.windows.net
9	mc.yandex.ru	2 redirects sxoexpandedgets.z13.web.core.windows.net mc.yandex.ru
4	poloptrex.com	sxoexpandedgets.z13.web.core.windows.net
2	imdn.pics	sxoexpandedgets.z13.web.core.windows.net
1	track.gaug.es	sxoexpandedgets.z13.web.core.windows.net
1	d2fuc4clr7gvcn.cloudfront.net	sxoexpandedgets.z13.web.core.windows.net
1	ipwho.is	sxoexpandedgets.z13.web.core.windows.net
0	vjav.com Failed	sxoexpandedgets.z13.web.core.windows.net
141	9

This site contains links to these domains. Also see Links.

Domain
porntourist.com
tubecorporate.com
click.vjav.com
www.rtalabel.org

Subject Issuer	Validity	Valid
*.web.core.windows.net Microsoft Azure RSA TLS Issuing CA 07	`2024-10-27` - `2025-04-25`	6 months	crt.sh
imdn.pics R11	`2024-11-07` - `2025-02-05`	3 months	crt.sh
tn.vjav.com R11	`2024-11-06` - `2025-02-04`	3 months	crt.sh
rtbbnr.com R11	`2024-09-27` - `2024-12-26`	3 months	crt.sh
mc.yandex.ru GlobalSign ECC OV SSL CA 2018	`2024-10-20` - `2025-04-01`	5 months	crt.sh
ipwho.is GoGetSSL ECC DV CA	`2024-03-13` - `2025-03-13`	a year	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2024-07-30` - `2025-07-03`	a year	crt.sh
*.gaug.es Sectigo RSA Domain Validation Secure Server CA	`2024-03-03` - `2025-04-03`	a year	crt.sh

This page contains 6 frames:

Primary Page: https://sxoexpandedgets.z13.web.core.windows.net/
Frame ID: F5ED2634AB1DBF80DF80CDE6CE85B41A
Requests: 136 HTTP requests in this frame

Frame: https://poloptrex.com/get?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7InRhZ19hYiI6ImQiLCJtdWx0aSI6ZmFsc2UsInVzZXJfa2V5d29yZHMiOiIiLCJpZCI6MTQ5Niwic3BhY2VpZCI6Mjk4NzQsInR5cGUiOiJwb3AiLCJpZHpvbmUiOjE5MjA3NjAsImFkX3RhZ3MiOiJzdHJhaWdodCwiLCJsYWJlbHMiOiIiLCJhbGxvd2VkX2xhYmVscyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIwIiwicmVmcmVzaCI6NCwidXRtMSI6IiIsInV0bTIiOiIiLCJ1dG00IjoiIiwic3BvdF9pZCI6Mjk4NzQsIm11bHRpcGxlIjpmYWxzZSwiaXNfaWZyYW1lIjpmYWxzZSwicmVmZG9tYWluIjoiIiwicGwiOjgsInN0cmF0YWdlbSI6IiIsImd5ciI6MCwiYWNjZWwiOjAsInNzcCI6Mzc1NiwiYnR5cGUiOjAsInYyIjowLCJyY2hhbmdlIjpmYWxzZX0sImJhbm5lciI6eyJ3IjozMDAsImgiOjI1MH0sIm1ldHJpY3MiOnsidG9waWNzIjpbXX19XSwic2l0ZSI6eyJpZCI6IjI5ODc0IiwiY2F0IjpbIklBQjI1Il0sInBhZ2UiOiJodHRwczovL3ZqYXYuY29tLyIsImN0aWQiOjF9LCJkZXZpY2UiOnsidyI6MTUzNiwiaCI6ODY0fSwidXNlciI6eyJpZCI6IjdlMjU4ZTg2NDgxZDZhNjRlOWViYTkwYWRhNGQwNjMwIiwiZnAiOm51bGwsImZwX3N0ciI6IiIsInVhX2RhdGEiOnsiYXJjaGl0ZWN0dXJlIjoieDg2IiwiYml0bmVzcyI6IjY0IiwiYnJhbmRzIjpbeyJicmFuZCI6IkNocm9taXVtIiwidmVyc2lvbiI6IjEyOCJ9LHsiYnJhbmQiOiJOb3Q7QT1CcmFuZCIsInZlcnNpb24iOiIyNCJ9LHsiYnJhbmQiOiJHb29nbGUgQ2hyb21lIiwidmVyc2lvbiI6IjEyOCJ9XSwiZnVsbFZlcnNpb25MaXN0IjpbeyJicmFuZCI6IkNocm9taXVtIiwidmVyc2lvbiI6IjEyOC4wLjY2MTMuMTM4In0seyJicmFuZCI6Ik5vdDtBPUJyYW5kIiwidmVyc2lvbiI6IjI0LjAuMC4wIn0seyJicmFuZCI6Ikdvb2dsZSBDaHJvbWUiLCJ2ZXJzaW9uIjoiMTI4LjAuNjYxMy4xMzgifV0sIm1vYmlsZSI6ZmFsc2UsIm1vZGVsIjoiIiwicGxhdGZvcm0iOiJXaW5kb3dzIiwicGxhdGZvcm1WZXJzaW9uIjoiMTUuMC4wIiwidWFGdWxsVmVyc2lvbiI6IjEyOC4wLjY2MTMuMTM4Iiwid293NjQiOmZhbHNlfX0sImV4dCI6eyJkdCI6MTcyNjU0NTE3MTYzOH19
Frame ID: C7A01498BEB01316FAE3A9FA378846C7
Requests: 1 HTTP requests in this frame

Frame: https://poloptrex.com/get?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7InRhZ19hYiI6ImQiLCJtdWx0aSI6ZmFsc2UsInVzZXJfa2V5d29yZHMiOiIiLCJpZCI6MTQ5Niwic3BhY2VpZCI6Mjk4NzUsInR5cGUiOiJwb3AiLCJpZHpvbmUiOjE5MjA3NjIsImFkX3RhZ3MiOiJzdHJhaWdodCwiLCJsYWJlbHMiOiIiLCJhbGxvd2VkX2xhYmVscyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIwIiwicmVmcmVzaCI6NCwidXRtMSI6IiIsInV0bTIiOiIiLCJ1dG00IjoiIiwic3BvdF9pZCI6Mjk4NzUsIm11bHRpcGxlIjpmYWxzZSwiaXNfaWZyYW1lIjpmYWxzZSwicmVmZG9tYWluIjoiIiwicGwiOjgsInN0cmF0YWdlbSI6IiIsImd5ciI6MCwiYWNjZWwiOjAsInNzcCI6Mzc1NiwiYnR5cGUiOjAsInYyIjowLCJyY2hhbmdlIjpmYWxzZX0sImJhbm5lciI6eyJ3IjozMDAsImgiOjI1MH0sIm1ldHJpY3MiOnsidG9waWNzIjpbXX19XSwic2l0ZSI6eyJpZCI6IjI5ODc1IiwiY2F0IjpbIklBQjI1Il0sInBhZ2UiOiJodHRwczovL3ZqYXYuY29tLyIsImN0aWQiOjF9LCJkZXZpY2UiOnsidyI6MTUzNiwiaCI6ODY0fSwidXNlciI6eyJpZCI6IjdlMjU4ZTg2NDgxZDZhNjRlOWViYTkwYWRhNGQwNjMwIiwiZnAiOm51bGwsImZwX3N0ciI6IiIsInVhX2RhdGEiOnsiYXJjaGl0ZWN0dXJlIjoieDg2IiwiYml0bmVzcyI6IjY0IiwiYnJhbmRzIjpbeyJicmFuZCI6IkNocm9taXVtIiwidmVyc2lvbiI6IjEyOCJ9LHsiYnJhbmQiOiJOb3Q7QT1CcmFuZCIsInZlcnNpb24iOiIyNCJ9LHsiYnJhbmQiOiJHb29nbGUgQ2hyb21lIiwidmVyc2lvbiI6IjEyOCJ9XSwiZnVsbFZlcnNpb25MaXN0IjpbeyJicmFuZCI6IkNocm9taXVtIiwidmVyc2lvbiI6IjEyOC4wLjY2MTMuMTM4In0seyJicmFuZCI6Ik5vdDtBPUJyYW5kIiwidmVyc2lvbiI6IjI0LjAuMC4wIn0seyJicmFuZCI6Ikdvb2dsZSBDaHJvbWUiLCJ2ZXJzaW9uIjoiMTI4LjAuNjYxMy4xMzgifV0sIm1vYmlsZSI6ZmFsc2UsIm1vZGVsIjoiIiwicGxhdGZvcm0iOiJXaW5kb3dzIiwicGxhdGZvcm1WZXJzaW9uIjoiMTUuMC4wIiwidWFGdWxsVmVyc2lvbiI6IjEyOC4wLjY2MTMuMTM4Iiwid293NjQiOmZhbHNlfX0sImV4dCI6eyJkdCI6MTcyNjU0NTE3MTY1MH19
Frame ID: AF362AFD963D11535C772A51A4CFF434
Requests: 1 HTTP requests in this frame

Frame: https://poloptrex.com/get?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7InRhZ19hYiI6ImQiLCJtdWx0aSI6ZmFsc2UsInVzZXJfa2V5d29yZHMiOiIiLCJpZCI6MTQ5Niwic3BhY2VpZCI6Mjk4NzYsInR5cGUiOiJwb3AiLCJpZHpvbmUiOjE5MjA3NjQsImFkX3RhZ3MiOiJzdHJhaWdodCwiLCJsYWJlbHMiOiIiLCJhbGxvd2VkX2xhYmVscyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIwIiwicmVmcmVzaCI6NCwidXRtMSI6IiIsInV0bTIiOiIiLCJ1dG00IjoiIiwic3BvdF9pZCI6Mjk4NzYsIm11bHRpcGxlIjpmYWxzZSwiaXNfaWZyYW1lIjpmYWxzZSwicmVmZG9tYWluIjoiIiwicGwiOjgsInN0cmF0YWdlbSI6IiIsImd5ciI6MCwiYWNjZWwiOjAsInNzcCI6Mzc1NiwiYnR5cGUiOjAsInYyIjowLCJyY2hhbmdlIjpmYWxzZX0sImJhbm5lciI6eyJ3IjozMDAsImgiOjI1MH0sIm1ldHJpY3MiOnsidG9waWNzIjpbXX19XSwic2l0ZSI6eyJpZCI6IjI5ODc2IiwiY2F0IjpbIklBQjI1Il0sInBhZ2UiOiJodHRwczovL3ZqYXYuY29tLyIsImN0aWQiOjF9LCJkZXZpY2UiOnsidyI6MTUzNiwiaCI6ODY0fSwidXNlciI6eyJpZCI6IjdlMjU4ZTg2NDgxZDZhNjRlOWViYTkwYWRhNGQwNjMwIiwiZnAiOm51bGwsImZwX3N0ciI6IiIsInVhX2RhdGEiOnsiYXJjaGl0ZWN0dXJlIjoieDg2IiwiYml0bmVzcyI6IjY0IiwiYnJhbmRzIjpbeyJicmFuZCI6IkNocm9taXVtIiwidmVyc2lvbiI6IjEyOCJ9LHsiYnJhbmQiOiJOb3Q7QT1CcmFuZCIsInZlcnNpb24iOiIyNCJ9LHsiYnJhbmQiOiJHb29nbGUgQ2hyb21lIiwidmVyc2lvbiI6IjEyOCJ9XSwiZnVsbFZlcnNpb25MaXN0IjpbeyJicmFuZCI6IkNocm9taXVtIiwidmVyc2lvbiI6IjEyOC4wLjY2MTMuMTM4In0seyJicmFuZCI6Ik5vdDtBPUJyYW5kIiwidmVyc2lvbiI6IjI0LjAuMC4wIn0seyJicmFuZCI6Ikdvb2dsZSBDaHJvbWUiLCJ2ZXJzaW9uIjoiMTI4LjAuNjYxMy4xMzgifV0sIm1vYmlsZSI6ZmFsc2UsIm1vZGVsIjoiIiwicGxhdGZvcm0iOiJXaW5kb3dzIiwicGxhdGZvcm1WZXJzaW9uIjoiMTUuMC4wIiwidWFGdWxsVmVyc2lvbiI6IjEyOC4wLjY2MTMuMTM4Iiwid293NjQiOmZhbHNlfX0sImV4dCI6eyJkdCI6MTcyNjU0NTE3MTY1OX19
Frame ID: 2B50F81E7647DBF8C2432B201436BED5
Requests: 1 HTTP requests in this frame

Frame: https://poloptrex.com/get?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7InRhZ19hYiI6ImQiLCJtdWx0aSI6ZmFsc2UsInVzZXJfa2V5d29yZHMiOiIiLCJpZCI6MTQ5Niwic3BhY2VpZCI6Mjk4NzcsInR5cGUiOiJwb3AiLCJpZHpvbmUiOjE5MjA3NjgsImFkX3RhZ3MiOiJzdHJhaWdodCwiLCJsYWJlbHMiOiIiLCJhbGxvd2VkX2xhYmVscyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIwIiwicmVmcmVzaCI6MTAsInV0bTEiOiIiLCJ1dG0yIjoiIiwidXRtNCI6IiIsInNwb3RfaWQiOjI5ODc3LCJtdWx0aXBsZSI6ZmFsc2UsImlzX2lmcmFtZSI6ZmFsc2UsInJlZmRvbWFpbiI6IiIsInBsIjo4LCJzdHJhdGFnZW0iOiIiLCJneXIiOjAsImFjY2VsIjowLCJzc3AiOjM3NTYsImJ0eXBlIjowLCJ2MiI6MCwicmNoYW5nZSI6ZmFsc2V9LCJiYW5uZXIiOnsidyI6MzAwLCJoIjoyNTB9LCJtZXRyaWNzIjp7InRvcGljcyI6W119fV0sInNpdGUiOnsiaWQiOiIyOTg3NyIsImNhdCI6WyJJQUIyNSJdLCJwYWdlIjoiaHR0cHM6Ly92amF2LmNvbS8iLCJjdGlkIjoxfSwiZGV2aWNlIjp7InciOjE1MzYsImgiOjg2NH0sInVzZXIiOnsiaWQiOiI3ZTI1OGU4NjQ4MWQ2YTY0ZTllYmE5MGFkYTRkMDYzMCIsImZwIjpudWxsLCJmcF9zdHIiOiIiLCJ1YV9kYXRhIjp7ImFyY2hpdGVjdHVyZSI6Ing4NiIsImJpdG5lc3MiOiI2NCIsImJyYW5kcyI6W3siYnJhbmQiOiJDaHJvbWl1bSIsInZlcnNpb24iOiIxMjgifSx7ImJyYW5kIjoiTm90O0E9QnJhbmQiLCJ2ZXJzaW9uIjoiMjQifSx7ImJyYW5kIjoiR29vZ2xlIENocm9tZSIsInZlcnNpb24iOiIxMjgifV0sImZ1bGxWZXJzaW9uTGlzdCI6W3siYnJhbmQiOiJDaHJvbWl1bSIsInZlcnNpb24iOiIxMjguMC42NjEzLjEzOCJ9LHsiYnJhbmQiOiJOb3Q7QT1CcmFuZCIsInZlcnNpb24iOiIyNC4wLjAuMCJ9LHsiYnJhbmQiOiJHb29nbGUgQ2hyb21lIiwidmVyc2lvbiI6IjEyOC4wLjY2MTMuMTM4In1dLCJtb2JpbGUiOmZhbHNlLCJtb2RlbCI6IiIsInBsYXRmb3JtIjoiV2luZG93cyIsInBsYXRmb3JtVmVyc2lvbiI6IjE1LjAuMCIsInVhRnVsbFZlcnNpb24iOiIxMjguMC42NjEzLjEzOCIsIndvdzY0IjpmYWxzZX19LCJleHQiOnsiZHQiOjE3MjY1NDUxNzE2NzJ9fQ==
Frame ID: 3A87F840D865C2C33EB564DC21782FF2
Requests: 1 HTTP requests in this frame

Frame: https://mc.yandex.ru/metrika/metrika_match.html
Frame ID: 7CCE6C434726CA5AC856D2159A11768F
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Vjavの無修正アダルト動画

Detected technologies

Yandex.Metrika (Analytics) Expand

Overall confidence: 100%
Detected patterns

mc\.yandex\.ru/metrika/(?:tag|watch)\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

141
Requests

98 %
HTTPS

13 %
IPv6

8
Domains

9
Subdomains

9
IPs

4
Countries

3809 kB
Transfer

4100 kB
Size

17
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://porntourist.com/?ref=vjav.com
Title: Best Porn Sites

Search URL Search Domain Scan URL

URL: https://tubecorporate.com/
Title: ウェブマスター

Search URL Search Domain Scan URL

URL: https://tubecorporate.com/home/content
Title: コンテンツパートナー

Search URL Search Domain Scan URL

URL: https://click.vjav.com/
Title: 広告主

Search URL Search Domain Scan URL

URL: https://tubecorporate.com/home/advertising
Title: Ad Formats

Search URL Search Domain Scan URL

URL: https://www.rtalabel.org/index.php?content=parents
Title: 読む

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 135

https://mc.yandex.ru/watch/49315045?wmode=7&page-url=https%3A%2F%2Fsxoexpandedgets.z13.web.core.windows.net%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A14pwap7gbnncs44tf8xglmzmdcdb%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aja-JP%3Av%3A1530%3Acn%3A1%3Adp%3A0%3Als%3A1494330001787%3Ahid%3A587998738%3Az%3A540%3Ai%3A20241126130729%3Aet%3A1732594049%3Ac%3A1%3Arn%3A571133804%3Arqn%3A1%3Au%3A1732594049460676091%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Afp%3A1915%3Awv%3A2%3Ads%3A11%2C511%2C170%2C655%2C0%2C0%2C%2C1208%2C5%2C%2C%2C%2C2557%3Aco%3A0%3Acpf%3A1%3Ans%3A1732594045574%3Arqnl%3A1%3Ast%3A1732594049%3At%3AVjav%E3%81%AE%E7%84%A1%E4%BF%AE%E6%AD%A3%E3%82%A2%E3%83%80%E3%83%AB%E3%83%88%E5%8B%95%E7%94%BB&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)rcm(1)cdl(na)eco(42009088)ti(1) HTTP 302
https://mc.yandex.ru/watch/49315045/1?wmode=7&page-url=https%3A%2F%2Fsxoexpandedgets.z13.web.core.windows.net%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A14pwap7gbnncs44tf8xglmzmdcdb%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aja-JP%3Av%3A1530%3Acn%3A1%3Adp%3A0%3Als%3A1494330001787%3Ahid%3A587998738%3Az%3A540%3Ai%3A20241126130729%3Aet%3A1732594049%3Ac%3A1%3Arn%3A571133804%3Arqn%3A1%3Au%3A1732594049460676091%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Afp%3A1915%3Awv%3A2%3Ads%3A11%2C511%2C170%2C655%2C0%2C0%2C%2C1208%2C5%2C%2C%2C%2C2557%3Aco%3A0%3Acpf%3A1%3Ans%3A1732594045574%3Arqnl%3A1%3Ast%3A1732594049%3At%3AVjav%E3%81%AE%E7%84%A1%E4%BF%AE%E6%AD%A3%E3%82%A2%E3%83%80%E3%83%AB%E3%83%88%E5%8B%95%E7%94%BB&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29cdl%28na%29eco%2842009088%29ti%281%29

Request Chain 136

https://mc.yandex.ru/watch/35313285?wmode=7&page-url=https%3A%2F%2Fsxoexpandedgets.z13.web.core.windows.net%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3Afqngs4ku2ry4ydu78wzu8osbsm7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aja-JP%3Av%3A1530%3Acn%3A2%3Adp%3A1%3Als%3A1121365880404%3Ahid%3A587998738%3Az%3A540%3Ai%3A20241126130729%3Aet%3A1732594049%3Ac%3A1%3Arn%3A655688180%3Arqn%3A1%3Au%3A1732594049460676091%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Afp%3A1915%3Ads%3A11%2C511%2C170%2C655%2C0%2C0%2C%2C1208%2C5%2C%2C%2C%2C2557%3Aco%3A0%3Acpf%3A1%3Ans%3A1732594045574%3Arqnl%3A1%3Ast%3A1732594049%3At%3AVjav%E3%81%AE%E7%84%A1%E4%BF%AE%E6%AD%A3%E3%82%A2%E3%83%80%E3%83%AB%E3%83%88%E5%8B%95%E7%94%BB&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)rcm(1)cdl(na)eco(3179392)ti(1) HTTP 302
https://mc.yandex.ru/watch/35313285/1?wmode=7&page-url=https%3A%2F%2Fsxoexpandedgets.z13.web.core.windows.net%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3Afqngs4ku2ry4ydu78wzu8osbsm7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aja-JP%3Av%3A1530%3Acn%3A2%3Adp%3A1%3Als%3A1121365880404%3Ahid%3A587998738%3Az%3A540%3Ai%3A20241126130729%3Aet%3A1732594049%3Ac%3A1%3Arn%3A655688180%3Arqn%3A1%3Au%3A1732594049460676091%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Afp%3A1915%3Ads%3A11%2C511%2C170%2C655%2C0%2C0%2C%2C1208%2C5%2C%2C%2C%2C2557%3Aco%3A0%3Acpf%3A1%3Ans%3A1732594045574%3Arqnl%3A1%3Ast%3A1732594049%3At%3AVjav%E3%81%AE%E7%84%A1%E4%BF%AE%E6%AD%A3%E3%82%A2%E3%83%80%E3%83%AB%E3%83%88%E5%8B%95%E7%94%BB&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29cdl%28na%29eco%283179392%29ti%281%29

141 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
sxoexpandedgets.z13.web.core.windows.net/ 261 KB
262 KB 694ms
171ms Document
text/html 57.150.27.164
MICROSOFT-CORP-MS...

General

Domain/Path	Expires	Name / Value
sxoexpandedgets.z13.web.core.windows.net/	1970-01-21 01:16:37	Name: _gauges_unique_hour Value: 1
sxoexpandedgets.z13.web.core.windows.net/	1970-01-21 01:18:00	Name: _gauges_unique_day Value: 1
sxoexpandedgets.z13.web.core.windows.net/	1970-01-21 02:01:12	Name: _gauges_unique_month Value: 1
sxoexpandedgets.z13.web.core.windows.net/	1970-01-21 10:02:10	Name: _gauges_unique_year Value: 1
sxoexpandedgets.z13.web.core.windows.net/	1970-01-21 10:02:10	Name: _gauges_unique Value: 1
.windows.net/	1970-01-21 10:02:10	Name: _ym_uid Value: 1732594049460676091
.windows.net/	1970-01-21 10:02:10	Name: _ym_d Value: 1732594049
.yandex.ru/	1970-01-21 10:52:34	Name: i Value: qXm/46A3wl+/z46D9w8btDlRdAzQkbpsAFQca+7IazVo7gDgLEvD7BceDqIY9TQVen7QLh+m4ImuVeizhzGBfmgf9go=
.yandex.ru/	1970-01-21 10:02:10	Name: yashr Value: 8491095921732594048
.magsrv.com/	1970-01-21 10:52:34	Name: __uvt Value: s%3A32%3A%22674549813d97b0.18372193733204450%22%3B
.yandex.ru/	1970-01-21 10:02:10	Name: ymex Value: 2047954049.yrts.1732594049
.yandex.ru/	1970-01-21 10:02:10	Name: receive-cookie-deprecation Value: 1
.windows.net/	1970-01-21 01:17:46	Name: _ym_isad Value: 2
mc.yandex.ru/	1969-12-31 23:59:59	Name: yabs-sid Value: 1209785161732594049
.yandex.ru/	1970-01-21 10:52:34	Name: yandexuid Value: 3831244341732594048
.yandex.ru/	1970-01-21 10:52:34	Name: yuidss Value: 3831244341732594048
.yandex.ru/	1970-01-21 10:52:34	Name: bh Value: KgI/MGCBk5W6Bg==

Source	Level	URL Text
network	error	URL: https://sxoexpandedgets.z13.web.core.windows.net/upd/20240904.115433.210588/static/assets/app.js Message: Failed to load resource: the server responded with a status of 404 (The requested content does not exist.)
network	error	URL: https://sxoexpandedgets.z13.web.core.windows.net/33x8krmm4a/mojzfzy6ok.js Message: Failed to load resource: the server responded with a status of 404 (The requested content does not exist.)

sxoexpandedgets.z13.web.core.windows.net Open in urlscan Pro 57.150.27.164 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

141 Requests

98 %HTTPS

13 %IPv6

8 Domains

9 Subdomains

9 IPs

4 Countries

3809 kBTransfer

4100 kBSize

17 Cookies

6 Outgoing links

Redirected requests

141 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

sxoexpandedgets.z13.web.core.windows.net Open in urlscan Pro
57.150.27.164 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

141
Requests

98 %
HTTPS

13 %
IPv6

8
Domains

9
Subdomains

9
IPs

4
Countries

3809 kB
Transfer

4100 kB
Size

17
Cookies

141 HTTP transactions
0 data transactions