Submitted URL: http://ukrainesafe.is-great.org/
Effective URL: https://run.mocky.io/v3/2a14133a-bfe6-469d-8d96-8937b22b3d78
Submission: On November 01 via manual from GB — Scanned from IS

Summary

This website contacted 9 IPs in 6 countries across 8 domains to perform 12 HTTP transactions. The main IP is 91.208.207.216, located in France and belongs to MAGICRETAIL, FR. The main domain is run.mocky.io.
TLS certificate: Issued by R11 on October 27th 2024. Valid for: 3 months.
This is the only time run.mocky.io was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Ukr.net (Online)

Domain & IP information

IP Address AS Autonomous System
3 185.27.134.114 34119 (WILDCARD-...)
2 91.208.207.216 43424 (MAGICRETAIL)
1 2a00:1450:400... 15169 (GOOGLE)
1 100.29.106.188 14618 (AMAZON-AES)
1 3.67.15.169 16509 (AMAZON-02)
1 2606:50c0:800... 54113 (FASTLY)
2 212.42.75.253 8856 (UKRNET Kiev)
1 104.17.24.14 13335 (CLOUDFLAR...)
12 9
    Apex Domain            Subdomains                                             Transfer
3   is-great.org           ukrainesafe.is-great.org                               15 KB
2   ukr.net                accounts.ukr.net — Cisco Umbrella Rank: 332635         4 KB
2   mocky.io               run.mocky.io                                           128 KB
1   cloudflare.com         cdnjs.cloudflare.com — Cisco Umbrella Rank: 220        195 KB
1   githubusercontent.com  raw.githubusercontent.com — Cisco Umbrella Rank: 4897  3 KB
1   linkpc.net             jkbfgkjdffghh.linkpc.net                               292 B
1   httpbin.org            httpbin.org                                            186 B
1   googleapis.com         ajax.googleapis.com — Cisco Umbrella Rank: 412         33 KB
12  8
Domain Requested by
3 ukrainesafe.is-great.org ukrainesafe.is-great.org
2 accounts.ukr.net run.mocky.io
2 run.mocky.io ukrainesafe.is-great.org
run.mocky.io
1 cdnjs.cloudflare.com run.mocky.io
1 raw.githubusercontent.com run.mocky.io
1 jkbfgkjdffghh.linkpc.net run.mocky.io
1 httpbin.org ajax.googleapis.com
1 ajax.googleapis.com run.mocky.io
12 8

This site contains links to these domains.

Domain
www.ukr.net
mail.ukr.net

Subject                   Issuer                                      Validity                 Valid
run.mocky.io              R11                                         2024-10-27 - 2025-01-25  3 months
upload.video.google.com   WR2                                         2024-10-07 - 2024-12-30  3 months
httpbin.org               Amazon RSA 2048 M02                         2024-08-20 - 2025-09-17  a year
jkbfgkjdffghh.linkpc.net  ZeroSSL RSA Domain Secure Site CA           2024-09-24 - 2024-12-23  3 months
*.github.io               DigiCert Global G2 TLS RSA SHA256 2020 CA1  2024-03-15 - 2025-03-14  a year
*.ukr.net                 Thawte TLS RSA CA G1                        2024-03-15 - 2025-04-15  a year
cdnjs.cloudflare.com      WE1                                         2024-09-28 - 2024-12-27  3 months

This page contains 1 frame:

Primary Page: https://run.mocky.io/v3/2a14133a-bfe6-469d-8d96-8937b22b3d78
Frame ID: 10EB6060F388BAEDB8C562562CB873FD
Requests: 18 HTTP requests in this frame

Page Title

Пошта @ ukr.net - українська електронна пошта

Detected technologies

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 12
HTTPS: 75 %
IPv6: 25 %
Domains: 8
Subdomains: 8
IPs: 9
Countries: 6
Transfer: 379 kB
Size: 839 kB
Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://ukrainesafe.is-great.org/ HTTP 307
    https://ukrainesafe.is-great.org/ HTTP 307
    http://ukrainesafe.is-great.org/ Page URL
  2. http://ukrainesafe.is-great.org/?i=1 Page URL
  3. https://run.mocky.io/v3/2a14133a-bfe6-469d-8d96-8937b22b3d78 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://ukrainesafe.is-great.org/ HTTP 307
  • https://ukrainesafe.is-great.org/ HTTP 307
  • http://ukrainesafe.is-great.org/

12 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
ukrainesafe.is-great.org/
Redirect Chain
  • http://ukrainesafe.is-great.org/
  • https://ukrainesafe.is-great.org/
  • http://ukrainesafe.is-great.org/
835 B
1 KB
Document
General
Full URL
http://ukrainesafe.is-great.org/
Protocol
HTTP/1.1
Server
185.27.134.114 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS
Software
nginx /
Resource Hash
fa1ef0e414338f967e56142ddd270cb584f6be46f7c3a0c53b45e7911ebbb28f

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

Cache-Control
no-cache
Connection
keep-alive
Content-Length
835
Content-Type
text/html
Date
Fri, 01 Nov 2024 21:42:39 GMT
Expires
Thu, 01 Jan 1970 00:00:01 GMT
Server
nginx

Redirect headers

Location
http://ukrainesafe.is-great.org/
Non-Authoritative-Reason
HttpsUpgrades
aes.js
ukrainesafe.is-great.org/
13 KB
14 KB
Script
General
Full URL
http://ukrainesafe.is-great.org/aes.js
Requested by
Host: ukrainesafe.is-great.org
URL: http://ukrainesafe.is-great.org/
Protocol
HTTP/1.1
Server
185.27.134.114 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS
Software
nginx /
Resource Hash
5069425b121346b36f730910d05402d50920fc2178b01e0c878b71af4ef1eb96

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
http://ukrainesafe.is-great.org/

Response headers

ETag
"652c158d-35a5"
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
13733
Date
Fri, 01 Nov 2024 21:42:39 GMT
Content-Type
application/javascript
Last-Modified
Sun, 15 Oct 2023 16:38:37 GMT
Server
nginx
/
ukrainesafe.is-great.org/
101 B
449 B
Document
General
Full URL
http://ukrainesafe.is-great.org/?i=1
Requested by
Host: ukrainesafe.is-great.org
URL: http://ukrainesafe.is-great.org/
Protocol
HTTP/1.1
Server
185.27.134.114 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Referer
http://ukrainesafe.is-great.org/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

Accept-Ranges
bytes
Cache-Control
max-age=2592000, public, proxy-revalidate
Connection
keep-alive
Content-Length
101
Content-Type
text/html; charset=UTF-8
Date
Fri, 01 Nov 2024 21:42:39 GMT
ETag
"65-625ab97fbd5d2"
Expires
Sun, 01 Dec 2024 21:42:39 GMT
Last-Modified
Wed, 30 Oct 2024 06:12:59 GMT
Server
nginx
Primary Request 2a14133a-bfe6-469d-8d96-8937b22b3d78
run.mocky.io/v3/
128 KB
128 KB
Document
General
Full URL
https://run.mocky.io/v3/2a14133a-bfe6-469d-8d96-8937b22b3d78
Requested by
Host: ukrainesafe.is-great.org
URL: http://ukrainesafe.is-great.org/?i=1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
91.208.207.216 , France, ASN43424 (MAGICRETAIL, FR),
Reverse DNS
Software
/
Resource Hash
aace9bbe05a8f1adec03da01e5a3b822513abde9d7c434c2d0e90dcb64014624

Request headers

Referer
http://ukrainesafe.is-great.org/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

Content-Length
130570
Content-Type
text/html; charset=UTF-8
Date
Fri, 01 Nov 2024 21:42:39 GMT
Sozu-Id
01JBMTWC07P59GV5891P4NRMP0
8dbd585e-805d-4b14-8485-c6da4c3ef5a7
run.mocky.io/v3/
0
0
Stylesheet
General
Full URL
https://run.mocky.io/v3/8dbd585e-805d-4b14-8485-c6da4c3ef5a7
Requested by
Host: run.mocky.io
URL: https://run.mocky.io/v3/2a14133a-bfe6-469d-8d96-8937b22b3d78
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
91.208.207.216 , France, ASN43424 (MAGICRETAIL, FR),
Reverse DNS
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://run.mocky.io/v3/2a14133a-bfe6-469d-8d96-8937b22b3d78

Response headers

Date
Fri, 01 Nov 2024 21:42:40 GMT
Sozu-Id
01JBMTWC3MDN9D9GYH3ATHEFMK
Content-Length
0
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.10.1/
91 KB
33 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1.10.1/jquery.min.js
Requested by
Host: run.mocky.io
URL: https://run.mocky.io/v3/2a14133a-bfe6-469d-8d96-8937b22b3d78
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8bf150f6b29d6c9337de6c945a8f63c929b203442040688878bc2753fe13e007
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://run.mocky.io/

Response headers

content-encoding
gzip
age
195409
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
x-content-type-options
nosniff
expires
Thu, 30 Oct 2025 15:25:51 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 30 Oct 2024 15:25:51 GMT
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
accept-ranges
bytes
access-control-allow-origin
*
content-length
32984
x-xss-protection
0
server
sffe
ip
httpbin.org/
32 B
186 B
XHR
General
Full URL
https://httpbin.org/ip
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.10.1/jquery.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
100.29.106.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-100-29-106-188.compute-1.amazonaws.com
Software
gunicorn/19.9.0 /
Resource Hash
234ccf2420f16b827228247b1a50140c6cc2baa97e19b6f9cb02bd82051ceec9

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept
application/json, text/javascript, */*; q=0.01
Referer
https://run.mocky.io/

Response headers

access-control-allow-origin
https://run.mocky.io
content-length
32
date
Fri, 01 Nov 2024 21:42:41 GMT
content-type
application/json
server
gunicorn/19.9.0
access-control-allow-credentials
true
captcha
jkbfgkjdffghh.linkpc.net/
14 B
292 B
XHR
General
Full URL
https://jkbfgkjdffghh.linkpc.net:17461/captcha
Requested by
Host: run.mocky.io
URL: https://run.mocky.io/v3/2a14133a-bfe6-469d-8d96-8937b22b3d78
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
3.67.15.169 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-67-15-169.eu-central-1.compute.amazonaws.com
Software
nginx/1.22.1 /
Resource Hash
453ae268ff393f7f0960c36dacf3712a24acfc8f48aaabcc94f5eb764d158b70

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://run.mocky.io/

Response headers

Access-Control-Expose-Headers
*
Connection
keep-alive
Access-Control-Allow-Origin
*
Content-Length
14
Date
Fri, 01 Nov 2024 21:42:42 GMT
Content-Type
text/html; charset=utf-8
Task
529185756
Server
nginx/1.22.1
Access-Control-Allow-Headers
*
truncated
/
1001 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
de70432bd088c74f2269dc74f4c68f94b44bb6a81f04973058af53c6fa606579

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
truncated
/
9 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
84f617eae2364b8f947c5b9576bf988d1005f0275ca12d535e59b362feb2d4ae

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml;charset=utf-8
text-security-disc.woff
raw.githubusercontent.com/noppa/text-security/master/dist/
3 KB
3 KB
Font
General
Full URL
https://raw.githubusercontent.com/noppa/text-security/master/dist/text-security-disc.woff
Requested by
Host: run.mocky.io
URL: https://run.mocky.io/v3/2a14133a-bfe6-469d-8d96-8937b22b3d78
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8000::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6252319c96777a4ce3952f63ec70735230c1c5c9392e81a9b3f9a8b2bc06c164
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://run.mocky.io
Referer
https://run.mocky.io/

Response headers

x-fastly-request-id
a8f368c82ac51a8544deee30dc0de43a7ed93fa3
etag
W/"e44abdbface71eb2caf90b8ec5dbe3c096fa61a91ad32c9fa46fd441d67f45ea"
x-content-type-options
nosniff
x-github-request-id
CB33:16FA69:2A7EC:69786:67254B50
expires
Fri, 01 Nov 2024 21:47:42 GMT
x-cache
MISS
date
Fri, 01 Nov 2024 21:42:42 GMT
content-type
application/octet-stream
x-served-by
cache-dub4344-DUB
x-cache-hits
0
source-age
0
x-frame-options
deny
strict-transport-security
max-age=31536000
vary
Authorization,Accept-Encoding,Origin
content-security-policy
default-src 'none'; style-src 'unsafe-inline'; sandbox
cache-control
max-age=300
x-timer
S1730497363.703838,VS0,VE69
cross-origin-resource-policy
cross-origin
via
1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
2988
x-xss-protection
1; mode=block
loader-3VguyQcd.gif
accounts.ukr.net/login/assets/
3 KB
3 KB
Image
General
Full URL
https://accounts.ukr.net/login/assets/loader-3VguyQcd.gif
Requested by
Host: run.mocky.io
URL: https://run.mocky.io/v3/2a14133a-bfe6-469d-8d96-8937b22b3d78
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
212.42.75.253 , Ukraine, ASN8856 (UKRNET Kiev, Ukraine, UA),
Reverse DNS
frvdc-253.fwdcdn.com
Software
nginx /
Resource Hash
19e1bf9fe02363f52bea7320bf01172b4e256133c5ba593f2edcee480ea1e658

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://run.mocky.io/

Response headers

cache-control
max-age=1209600
etag
"6672e2d6-a85"
expires
Fri, 15 Nov 2024 21:42:42 GMT
accept-ranges
bytes
content-length
2693
date
Fri, 01 Nov 2024 21:42:42 GMT
content-type
image/gif
last-modified
Wed, 19 Jun 2024 13:53:26 GMT
server
nginx
x-upstream
4110.10.20.37:5080
truncated
/
459 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
783577c6bde48db98827b77d356a612f98305b8735df026a6073fabec963dc8a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml;charset=utf-8
truncated
/
582 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3f0560a2a244ba1e75be36071d6342c8a01357fe09031c94e43015d2a6f6e309

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml;charset=utf-8
truncated
/
396 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
479fc333997d4c170e56429d65bf1a9bc2940a3c47cdd35dda1f0a377656764b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml;charset=utf-8
truncated
/
799 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
52b540c6b9b2c841d893f2f54356b12caee46702a21b5d78aa24328510d54c48

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml;charset=utf-8
lato-bold.ttf
cdnjs.cloudflare.com/ajax/libs/lato-font/2.0.0/fonts/lato-bold/
587 KB
195 KB
Font
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/lato-font/2.0.0/fonts/lato-bold/lato-bold.ttf
Requested by
Host: run.mocky.io
URL: https://run.mocky.io/v3/2a14133a-bfe6-469d-8d96-8937b22b3d78
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f71f833c099f450606f8107b83ef208ae918c0ea00779466d45e9be96b0bc7cc
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://run.mocky.io
Referer
https://run.mocky.io/

Response headers

cf-cdnjs-via
cfworker/kv
content-encoding
br
cf-cache-status
MISS
etag
"5ecc4dc2-92b18"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XgOnkEa8carCbGeKivJFn40g6PXETzNfDAzWZMIgxxzkKKquYzfrOzVghL%2Bfu4GSsEnI8qO9jBPRH8ffMYtBSYc9BMm7wxDw1Bk84r315D%2FmmxQVBFd%2B7kggQ7DfWht22wqcxuja"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
expires
Wed, 22 Oct 2025 21:42:42 GMT
alt-svc
h3=":443"; ma=86400
date
Fri, 01 Nov 2024 21:42:42 GMT
content-type
application/octet-stream; charset=utf-8
last-modified
Mon, 25 May 2020 22:59:14 GMT
vary
Accept-Encoding
strict-transport-security
max-age=15780000
cache-control
public, max-age=30672000
timing-allow-origin
*
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy
cross-origin
cf-ray
8dbf0e648ee85cc1-KEF
accept-ranges
bytes
access-control-allow-origin
*
content-length
199387
server
cloudflare
favicon.ico
accounts.ukr.net/login/
1 KB
1 KB
Other
General
Full URL
https://accounts.ukr.net/login/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
212.42.75.253 , Ukraine, ASN8856 (UKRNET Kiev, Ukraine, UA),
Reverse DNS
frvdc-253.fwdcdn.com
Software
nginx /
Resource Hash
98e7b565107cec0de9c9f0d02ec8fa9a34c02033711bb8be86b64d830f69be38

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://run.mocky.io/

Response headers

cache-control
max-age=1209600
etag
"6723b1c1-47e"
expires
Fri, 15 Nov 2024 21:42:43 GMT
accept-ranges
bytes
content-length
1150
date
Fri, 01 Nov 2024 21:42:43 GMT
content-type
image/x-icon
last-modified
Thu, 31 Oct 2024 16:35:13 GMT
server
nginx
x-upstream
4110.10.20.49:5080

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Ukr.net (Online)

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function  $
function  jQuery
string    baseurl
string    task
function  next
function  next2
function  finaly
function  wait
function  nowait
object    respIP
function  send
function  getIP
function  captcha
function  success
function  success2
string    form_first
string    form_second
string    form_third
string    ukrurl
function  setInp

1 Cookies

Domain/Path Name / Value
ukrainesafe.is-great.org/ Name: __test
Value: 0279fdd258bf73fa15c161ed899ae94e

1 Console Messages

Source Level URL
Text
network error URL: https://run.mocky.io/v3/8dbd585e-805d-4b14-8485-c6da4c3ef5a7
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
