Submitted URL: https://linkcuts.com/8dejsa3x
Effective URL: https://run.mocky.io/v3/72fa0a52-6e6e-43ad-b1c2-4782945d6050
Submission: On December 27 via manual from UA — Scanned from DE

Summary

This website contacted 8 IPs in 5 countries across 9 domains to perform 9 HTTP transactions. The main IP is 91.208.207.223, located in France and belonging to MAGICRETAIL SQUARK SARL, FR. The main domain is run.mocky.io.
TLS certificate: Issued by R11 on October 27th 2024. Valid for: 3 months.
This is the only time run.mocky.io was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Ukr.net (Online)

Domain & IP information

Requests  IP Address          AS (Autonomous System)
1         44.230.85.241       16509 (AMAZON-02)
1         192.46.230.144      63949 (AKAMAI-LI...)
2         91.208.207.223      43424 (MAGICRETA...)
1         2a00:1450:400...    15169 (GOOGLE)
1         34.226.108.155      14618 (AMAZON-AES)
1         3.67.15.169         16509 (AMAZON-02)
1         2606:50c0:800...    54113 (FASTLY)
1         104.17.25.14        13335 (CLOUDFLAR...)
Total: 9 requests, 8 IPs
Requests  Apex Domain            Subdomains                                              Transfer
2         mocky.io               run.mocky.io                                            128 KB
1         cloudflare.com         cdnjs.cloudflare.com (Cisco Umbrella Rank: 225)         195 KB
1         githubusercontent.com  raw.githubusercontent.com (Cisco Umbrella Rank: 4827)   3 KB
1         linkpc.net             jkbfgkjdffghh.linkpc.net                                292 B
1         httpbin.org            httpbin.org                                             188 B
1         googleapis.com         ajax.googleapis.com (Cisco Umbrella Rank: 415)          33 KB
1         doads.org              doads.org                                               399 B
1         linkcuts.com           linkcuts.com                                            293 B
0         ukr.net (Failed)       accounts.ukr.net (Failed)
Total: 9 requests, 9 apex domains
Requests  Domain                      Requested by
2         run.mocky.io                doads.org, run.mocky.io
1         cdnjs.cloudflare.com        run.mocky.io
1         raw.githubusercontent.com   run.mocky.io
1         jkbfgkjdffghh.linkpc.net    run.mocky.io
1         httpbin.org                 ajax.googleapis.com
1         ajax.googleapis.com         run.mocky.io
1         doads.org
1         linkcuts.com                1 redirects
0         accounts.ukr.net (Failed)   run.mocky.io
Total: 9 requests, 9 domains

This site contains links to these domains:

  • www.ukr.net
  • mail.ukr.net
Subject                   Issuer                                      Validity                  Valid
doads.org                 ZeroSSL RSA Domain Secure Site CA           2024-12-19 - 2025-03-19   3 months
run.mocky.io              R11                                         2024-10-27 - 2025-01-25   3 months
upload.video.google.com   WR2                                         2024-12-02 - 2025-02-24   3 months
httpbin.org               Amazon RSA 2048 M02                         2024-08-20 - 2025-09-17   a year
jkbfgkjdffghh.linkpc.net  ZeroSSL RSA Domain Secure Site CA           2024-12-23 - 2025-03-23   3 months
*.github.io               DigiCert Global G2 TLS RSA SHA256 2020 CA1  2024-03-15 - 2025-03-14   a year
cdnjs.cloudflare.com      WE1                                         2024-11-26 - 2025-02-24   3 months

This page contains 1 frames:

Primary Page: https://run.mocky.io/v3/72fa0a52-6e6e-43ad-b1c2-4782945d6050
Frame ID: A6FB84BF6F3C9B3136F0869FBBB0E5FE
Requests: 15 HTTP requests in this frame

Page Title

Пошта @ ukr.net - українська електронна пошта (Ukrainian: "Mail @ ukr.net - Ukrainian e-mail")


Detected technologies

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

  • Requests: 9
  • HTTPS: 89 %
  • IPv6: 25 %
  • Domains: 9
  • Subdomains: 9
  • IPs: 8
  • Countries: 5
  • Transfer: 360 kB
  • Size: 821 kB
  • Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://linkcuts.com/8dejsa3x HTTP 307
    https://doads.org//8dejsa3x Page URL
  2. https://run.mocky.io/v3/72fa0a52-6e6e-43ad-b1c2-4782945d6050 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://linkcuts.com/8dejsa3x HTTP 307
  • https://doads.org//8dejsa3x

9 HTTP transactions

Each entry lists Resource, Path, Size, Transfer (x-fer), Type and MIME-Type, followed by its request and response details.

Resource: 8dejsa3x
Path: doads.org//
Redirect Chain:
  • https://linkcuts.com/8dejsa3x
  • https://doads.org//8dejsa3x
Size: 109 B
Transfer (x-fer): 399 B
Type: Document

General
Full URL: https://doads.org//8dejsa3x
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 192.46.230.144 Singapore, Singapore, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: 192-46-230-144.ip.linodeusercontent.com
Software: Apache/2.4.52 (Ubuntu) /
Resource Hash:

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers
Connection: Upgrade, Keep-Alive
Content-Encoding: gzip
Content-Length: 121
Content-Type: text/html; charset=UTF-8
Date: Fri, 27 Dec 2024 14:11:46 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.52 (Ubuntu)
Upgrade: h2,h2c
Vary: Accept-Encoding

Redirect headers
content-length: 168
content-type: text/html; charset=utf-8
date: Fri, 27 Dec 2024 14:11:45 GMT
location: https://doads.org//8dejsa3x
server: openresty
x-frame-options: sameorigin
Resource: 72fa0a52-6e6e-43ad-b1c2-4782945d6050 (Primary Request)
Path: run.mocky.io/v3/
Size: 128 KB
Transfer (x-fer): 128 KB
Type: Document

General
Full URL: https://run.mocky.io/v3/72fa0a52-6e6e-43ad-b1c2-4782945d6050
Requested by: Host: doads.org, URL: https://doads.org//8dejsa3x
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 91.208.207.223 , France, ASN43424 (MAGICRETAIL SQUARK SARL, FR),
Reverse DNS:
Software: /
Resource Hash: aace9bbe05a8f1adec03da01e5a3b822513abde9d7c434c2d0e90dcb64014624

Request headers
Referer: https://doads.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers
Content-Length: 130570
Content-Type: text/html; charset=UTF-8
Date: Fri, 27 Dec 2024 14:11:48 GMT
Sozu-Id: 01JG47B2HGB5SHZC3DYTWVY8MD

Resource: 8dbd585e-805d-4b14-8485-c6da4c3ef5a7
Path: run.mocky.io/v3/
Size: 0
Transfer (x-fer): 0
Type: Stylesheet

General
Full URL: https://run.mocky.io/v3/8dbd585e-805d-4b14-8485-c6da4c3ef5a7
Requested by: Host: run.mocky.io, URL: https://run.mocky.io/v3/72fa0a52-6e6e-43ad-b1c2-4782945d6050
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 91.208.207.223 , France, ASN43424 (MAGICRETAIL SQUARK SARL, FR),
Reverse DNS:
Software: /
Resource Hash:

Request headers
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://run.mocky.io/v3/72fa0a52-6e6e-43ad-b1c2-4782945d6050

Response headers
Date: Fri, 27 Dec 2024 14:11:48 GMT
Sozu-Id: 01JG47B2JEM16M8XM2XKFQEFMF
Content-Length: 0

Resource: jquery.min.js
Path: ajax.googleapis.com/ajax/libs/jquery/1.10.1/
Size: 91 KB
Transfer (x-fer): 33 KB
Type: Script

General
Full URL: https://ajax.googleapis.com/ajax/libs/jquery/1.10.1/jquery.min.js
Requested by: Host: run.mocky.io, URL: https://run.mocky.io/v3/72fa0a52-6e6e-43ad-b1c2-4782945d6050
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS:
Software: sffe /
Resource Hash: 8bf150f6b29d6c9337de6c945a8f63c929b203442040688878bc2753fe13e007
Security Headers:
  X-Content-Type-Options: nosniff
  X-Xss-Protection: 0

Request headers
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://run.mocky.io/

Response headers
content-encoding: gzip
age: 274373
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
x-content-type-options: nosniff
expires: Wed, 24 Dec 2025 09:58:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 24 Dec 2024 09:58:55 GMT
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
accept-ranges: bytes
access-control-allow-origin: *
content-length: 32984
x-xss-protection: 0
server: sffe

Resource: ip
Path: httpbin.org/
Size: 34 B
Transfer (x-fer): 188 B
Type: XHR

General
Full URL: https://httpbin.org/ip
Requested by: Host: ajax.googleapis.com, URL: https://ajax.googleapis.com/ajax/libs/jquery/1.10.1/jquery.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.226.108.155 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-226-108-155.compute-1.amazonaws.com
Software: gunicorn/19.9.0 /
Resource Hash: cd85f355ad73477a91b97857b7a160e703f4ce8550d448fa2e9db2b7ea210ab0

Request headers
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://run.mocky.io/

Response headers
access-control-allow-origin: https://run.mocky.io
content-length: 34
date: Fri, 27 Dec 2024 14:11:48 GMT
content-type: application/json
server: gunicorn/19.9.0
access-control-allow-credentials: true

Resource: captcha
Path: jkbfgkjdffghh.linkpc.net/
Size: 14 B
Transfer (x-fer): 292 B
Type: XHR

General
Full URL: https://jkbfgkjdffghh.linkpc.net:17461/captcha
Requested by: Host: run.mocky.io, URL: https://run.mocky.io/v3/72fa0a52-6e6e-43ad-b1c2-4782945d6050
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 3.67.15.169 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-67-15-169.eu-central-1.compute.amazonaws.com
Software: nginx/1.22.1 /
Resource Hash: 42664d9159470d8580040d284eab7f5ec3ea08618f71b591d72a51748a72a180

Request headers
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://run.mocky.io/

Response headers
Access-Control-Expose-Headers: *
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Length: 14
Date: Fri, 27 Dec 2024 14:11:50 GMT
Content-Type: text/html; charset=utf-8
Task: 349605203
Server: nginx/1.22.1
Access-Control-Allow-Headers: *

Resource: truncated
Path: /
Size: 1001 B
Transfer (x-fer): 0
Type: Image

General
Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS:
Software: /
Resource Hash: de70432bd088c74f2269dc74f4c68f94b44bb6a81f04973058af53c6fa606579

Request headers
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer:

Response headers
Content-Type: image/png

Resource: truncated
Path: /
Size: 9 KB
Transfer (x-fer): 0
Type: Image

General
Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS:
Software: /
Resource Hash: 84f617eae2364b8f947c5b9576bf988d1005f0275ca12d535e59b362feb2d4ae

Request headers
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer:

Response headers
Content-Type: image/svg+xml;charset=utf-8

Resource: text-security-disc.woff
Path: raw.githubusercontent.com/noppa/text-security/master/dist/
Size: 3 KB
Transfer (x-fer): 3 KB
Type: Font

General
Full URL: https://raw.githubusercontent.com/noppa/text-security/master/dist/text-security-disc.woff
Requested by: Host: run.mocky.io, URL: https://run.mocky.io/v3/72fa0a52-6e6e-43ad-b1c2-4782945d6050
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:50c0:8001::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS:
Software: /
Resource Hash: 6252319c96777a4ce3952f63ec70735230c1c5c9392e81a9b3f9a8b2bc06c164
Security Headers:
  Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
  Strict-Transport-Security: max-age=31536000
  X-Content-Type-Options: nosniff
  X-Frame-Options: deny
  X-Xss-Protection: 1; mode=block

Request headers
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://run.mocky.io
Referer: https://run.mocky.io/

Response headers
x-fastly-request-id: bb96726a161d0ef3d0976914c4bfc26d696ade06
etag: W/"e44abdbface71eb2caf90b8ec5dbe3c096fa61a91ad32c9fa46fd441d67f45ea"
x-content-type-options: nosniff
x-github-request-id: 4672:44604:2331ED8:24B0506:676EB5A6
expires: Fri, 27 Dec 2024 14:16:51 GMT
x-cache: MISS
date: Fri, 27 Dec 2024 14:11:51 GMT
content-type: application/octet-stream
x-served-by: cache-fra-eddf8230085-FRA
x-cache-hits: 0
source-age: 0
x-frame-options: deny
strict-transport-security: max-age=31536000
vary: Authorization,Accept-Encoding,Origin
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
cache-control: max-age=300
x-timer: S1735308711.947980,VS0,VE83
cross-origin-resource-policy: cross-origin
via: 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 2988
x-xss-protection: 1; mode=block

Resource: loader-3VguyQcd.gif
Path: accounts.ukr.net/login/assets/
Size: 0
Transfer (x-fer): 0
(No response received; see Failed requests below.)

Resource: truncated
Path: /
Size: 459 B
Transfer (x-fer): 0
Type: Image

General
Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS:
Software: /
Resource Hash: 783577c6bde48db98827b77d356a612f98305b8735df026a6073fabec963dc8a

Request headers
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer:

Response headers
Content-Type: image/svg+xml;charset=utf-8

Resource: truncated
Path: /
Size: 582 B
Transfer (x-fer): 0
Type: Image

General
Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS:
Software: /
Resource Hash: 3f0560a2a244ba1e75be36071d6342c8a01357fe09031c94e43015d2a6f6e309

Request headers
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer:

Response headers
Content-Type: image/svg+xml;charset=utf-8

Resource: truncated
Path: /
Size: 396 B
Transfer (x-fer): 0
Type: Image

General
Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS:
Software: /
Resource Hash: 479fc333997d4c170e56429d65bf1a9bc2940a3c47cdd35dda1f0a377656764b

Request headers
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer:

Response headers
Content-Type: image/svg+xml;charset=utf-8

Resource: truncated
Path: /
Size: 799 B
Transfer (x-fer): 0
Type: Image

General
Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS:
Software: /
Resource Hash: 52b540c6b9b2c841d893f2f54356b12caee46702a21b5d78aa24328510d54c48

Request headers
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer:

Response headers
Content-Type: image/svg+xml;charset=utf-8

Resource: lato-bold.ttf
Path: cdnjs.cloudflare.com/ajax/libs/lato-font/2.0.0/fonts/lato-bold/
Size: 587 KB
Transfer (x-fer): 195 KB
Type: Font

General
Full URL: https://cdnjs.cloudflare.com/ajax/libs/lato-font/2.0.0/fonts/lato-bold/lato-bold.ttf
Requested by: Host: run.mocky.io, URL: https://run.mocky.io/v3/72fa0a52-6e6e-43ad-b1c2-4782945d6050
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS:
Software: cloudflare /
Resource Hash: f71f833c099f450606f8107b83ef208ae918c0ea00779466d45e9be96b0bc7cc
Security Headers:
  Strict-Transport-Security: max-age=15780000
  X-Content-Type-Options: nosniff

Request headers
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://run.mocky.io
Referer: https://run.mocky.io/

Response headers
cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "5ecc4dc2-92b18"
age: 2487324
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AZ3MctjcWAH79cHQDp%2Bm%2BWShrEcGcM3VotXb77kjZkWocQEuVwio6NMeWS4wwqzpDrbku%2FSu5sbKRHH2iULQJEDOWtycRc2%2FMIlWaXPaC%2BAai5HIjC%2BjrWPvx%2B04XPKpfBz9LDCB"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Wed, 17 Dec 2025 14:11:50 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Fri, 27 Dec 2024 14:11:50 GMT
content-type: application/octet-stream; charset=utf-8
last-modified: Mon, 25 May 2020 22:59:14 GMT
vary: Accept-Encoding
priority: u=0,i=?0
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8f89e6f22a844d8a-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 199387
server: cloudflare


Failed requests

These URLs were requested, but no response was received. They also appear in the list above.

Domain: accounts.ukr.net
URL: https://accounts.ukr.net/login/assets/loader-3VguyQcd.gif

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Ukr.net (Online)

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.

Name         Type
$            function
jQuery       function
baseurl      string
task         string
next         function
next2        function
finaly       function
wait         function
nowait       function
respIP       object
send         function
getIP        function
captcha      function
success      function
success2     function
form_first   string
form_second  string
form_third   string
ukrurl       string
setInp       function

0 Cookies

1 Console Messages

Source: network
Level: error
URL: https://run.mocky.io/v3/8dbd585e-805d-4b14-8485-c6da4c3ef5a7
Message: Failed to load resource: the server responded with a status of 404 (Not Found)