URL: http://run.mocky.io/v3/4e14d583-bbf5-4af3-9a86-4c0938a7802a
Submission: On February 21 via manual from US — Scanned from FR

Summary

This website contacted 5 IPs in 4 countries across 5 domains to perform 6 HTTP transactions. The main IP is 185.42.117.109, located in France and belonging to MAGICRETAIL, FR. The main domain is run.mocky.io.
This is the only time run.mocky.io was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Ukr.net (Online)

Domain & IP information

Requests / IP Address / AS (Autonomous System)
1  185.42.117.109     43424 (MAGICRETAIL)
2  212.42.75.253      8856 (UKRNET Kiev)
1  2a00:1450:400...   15169 (GOOGLE)
1  2606:50c0:800...   54113 (FASTLY)
Totals: 6 requests, 5 IPs

Requests / Apex Domain / Subdomains / Transfer
2  ukr.net                accounts.ukr.net (Cisco Umbrella Rank: 205402)          19 KB
1  githubusercontent.com  raw.githubusercontent.com (Cisco Umbrella Rank: 4309)   3 KB
1  googleapis.com         ajax.googleapis.com (Cisco Umbrella Rank: 434)          92 KB
1  mocky.io               run.mocky.io                                            8 KB
0  Failed
Totals: 6 requests, 5 domains

Requests / Domain / Requested by
2  accounts.ukr.net           run.mocky.io, accounts.ukr.net
1  raw.githubusercontent.com  run.mocky.io
1  ajax.googleapis.com        run.mocky.io
1  run.mocky.io
0  73.80.9.137 (Failed)       run.mocky.io
Totals: 6 requests, 5 domains

This site contains no links.

Subject      Issuer                            Validity                   Valid
*.ukr.net    Thawte TLS RSA CA G1              2023-04-29 - 2024-03-29    a year (crt.sh)
*.github.io  DigiCert TLS RSA SHA256 2020 CA1  2023-02-21 - 2024-03-20    a year (crt.sh)

This page contains 1 frame:

Primary Page: http://run.mocky.io/v3/4e14d583-bbf5-4af3-9a86-4c0938a7802a
Frame ID: E52EAB3A7E3C94AF67C81C65C74D5C14
Requests: 7 HTTP requests in this frame

Page Title

UkrNet

Detected technologies

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 6
HTTPS: 50 %
IPv6: 50 %
Domains: 5
Subdomains: 5
IPs: 5
Countries: 4
Transfer: 123 kB
Size: 173 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions

Columns: Resource | Path | Size | x-fer | Type / MIME-Type

Primary Request 4e14d583-bbf5-4af3-9a86-4c0938a7802a | run.mocky.io/v3/ | 8 KB | 8 KB | Document
General
Full URL: http://run.mocky.io/v3/4e14d583-bbf5-4af3-9a86-4c0938a7802a
Protocol: HTTP/1.1
Server: 185.42.117.109, France, ASN43424 (MAGICRETAIL, FR)
Reverse DNS: -
Software: -
Resource Hash: 932ef33f8ab9ba17570282a45b7eb6ac5a04a517ada3dfa5e34d68fab6a206e1

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

Content-Length
8509
Content-Type
text/html; charset=UTF-8
Date
Wed, 21 Feb 2024 14:28:37 GMT
Sozu-Id
01HQ6131M2RXJZVWX1Y3NGQXGS
bundle.css | accounts.ukr.net/login/css/ | 58 KB | 16 KB | Stylesheet
General
Full URL: https://accounts.ukr.net/login/css/bundle.css?7a8389c0
Requested by: Host: run.mocky.io, URL: http://run.mocky.io/v3/4e14d583-bbf5-4af3-9a86-4c0938a7802a
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 212.42.75.253, Ukraine, ASN8856 (UKRNET Kiev, Ukraine, UA)
Reverse DNS: frvdc-253.fwdcdn.com
Software: nginx /
Resource Hash: 232de20a11e482a7564e6b0a3f8d7a2163af6557a1503b3a05ddb4133baf6987

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
http://run.mocky.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Wed, 21 Feb 2024 14:28:37 GMT
content-encoding
gzip
last-modified
Mon, 11 Dec 2023 16:12:10 GMT
server
nginx
etag
W/"657734da-e98b"
content-type
text/css
x-upstream
4110.10.20.37:5080
cache-control
max-age=1209600
expires
Wed, 06 Mar 2024 14:28:37 GMT
jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/1.10.1/ | 91 KB | 92 KB | Script
General
Full URL: http://ajax.googleapis.com/ajax/libs/jquery/1.10.1/jquery.min.js
Requested by: Host: run.mocky.io, URL: http://run.mocky.io/v3/4e14d583-bbf5-4af3-9a86-4c0938a7802a
Protocol: HTTP/1.1
Server: 2a00:1450:4001:806::200a, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS: -
Software: sffe /
Resource Hash: 8bf150f6b29d6c9337de6c945a8f63c929b203442040688878bc2753fe13e007
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
http://run.mocky.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date
Wed, 21 Feb 2024 07:37:44 GMT
X-Content-Type-Options
nosniff
Age
24653
Content-Security-Policy-Report-Only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
Cross-Origin-Resource-Policy
cross-origin
Content-Length
93057
X-XSS-Protection
0
Last-Modified
Tue, 03 Mar 2020 19:15:00 GMT
Server
sffe
Cross-Origin-Opener-Policy
same-origin; report-to="hosted-libraries-pushers"
Vary
Accept-Encoding
Report-To
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
Content-Type
text/javascript; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000, stale-while-revalidate=2592000
Accept-Ranges
bytes
Timing-Allow-Origin
*
Expires
Thu, 20 Feb 2025 07:37:44 GMT
captcha | 73.80.9.137/ | 0 | 0 | Failed
truncated | / | 9 KB | 0 | Image
General
Full URL: data:truncated
Protocol: DATA
Server: -, , ASN ()
Reverse DNS: -
Software: -
Resource Hash: 84f617eae2364b8f947c5b9576bf988d1005f0275ca12d535e59b362feb2d4ae

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
text-security-disc.woff | raw.githubusercontent.com/noppa/text-security/master/dist/ | 3 KB | 3 KB | Font
General
Full URL: https://raw.githubusercontent.com/noppa/text-security/master/dist/text-security-disc.woff
Requested by: Host: run.mocky.io, URL: http://run.mocky.io/v3/4e14d583-bbf5-4af3-9a86-4c0938a7802a
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:50c0:8002::154, United States, ASN54113 (FASTLY, US)
Reverse DNS: -
Software: -
Resource Hash: 6252319c96777a4ce3952f63ec70735230c1c5c9392e81a9b3f9a8b2bc06c164
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Referer
http://run.mocky.io/
Origin
http://run.mocky.io
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-fastly-request-id
34cf7675fe748c240ccccc86a0f1f469ef86b47b
content-security-policy
default-src 'none'; style-src 'unsafe-inline'; sandbox
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
date
Wed, 21 Feb 2024 14:28:37 GMT
via
1.1 varnish
x-cache-hits
0
x-cache
MISS
cross-origin-resource-policy
cross-origin
content-length
2988
x-xss-protection
1; mode=block
x-served-by
cache-lcy-eglc8600075-LCY
x-github-request-id
CAE8:24F12C:EAF1EA:F460ED:65D60895
x-timer
S1708525718.500246,VS0,VE101
etag
W/"e44abdbface71eb2caf90b8ec5dbe3c096fa61a91ad32c9fa46fd441d67f45ea"
source-age
0
x-frame-options
deny
vary
Authorization,Accept-Encoding,Origin
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
expires
Wed, 21 Feb 2024 14:33:37 GMT
loader-3VguyQcd.gif | accounts.ukr.net/login/assets/ | 3 KB | 3 KB | Image
General
Full URL: https://accounts.ukr.net/login/assets/loader-3VguyQcd.gif
Requested by: Host: accounts.ukr.net, URL: https://accounts.ukr.net/login/css/bundle.css?7a8389c0
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 212.42.75.253, Ukraine, ASN8856 (UKRNET Kiev, Ukraine, UA)
Reverse DNS: frvdc-253.fwdcdn.com
Software: nginx /
Resource Hash: 19e1bf9fe02363f52bea7320bf01172b4e256133c5ba593f2edcee480ea1e658

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://accounts.ukr.net/login/css/bundle.css?7a8389c0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Wed, 21 Feb 2024 14:28:37 GMT
last-modified
Mon, 11 Dec 2023 16:12:10 GMT
server
nginx
etag
"657734da-a85"
content-type
image/gif
x-upstream
4110.10.20.48:5080
cache-control
max-age=1209600
accept-ranges
bytes
content-length
2693
expires
Wed, 06 Mar 2024 14:28:37 GMT

Failed requests

These URLs were requested, but no response was received. They also appear in the list above.

Domain: 73.80.9.137
URL: http://73.80.9.137:35770/captcha

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Ukr.net (Online)

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function: $, jQuery, show_last, next, next2, wait, nowait, send, captcha, success, success2, setInp
string: form_first, form_second, form_third, ukrurl

0 Cookies

1 Console Message

Source: network
Level: error
URL: http://73.80.9.137:35770/captcha
Message: Failed to load resource: net::ERR_ADDRESS_UNREACHABLE