kucherenko-design.ru

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 3 HTTP transactions. The main IP is 87.236.16.217, located in Russian Federation and belongs to BEGET-AS, RU. The main domain is kucherenko-design.ru.

This is the only time kucherenko-design.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Australian Government (Government)

Domain & IP information

	IP Address	AS Autonomous System
1 2	217.21.91.71 217.21.91.71	47583 (AS-HOSTINGER) (AS-HOSTINGER)
2 4	87.236.16.217 87.236.16.217	198610 (BEGET-AS) (BEGET-AS)
3	3

2 217.21.91.71 (Germany) 1 redirects

ASN47583 (AS-HOSTINGER, CY)

pturmicjainpurbsr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 87.236.16.217 (Russian Federation) 2 redirects

ASN198610 (BEGET-AS, RU)
PTR: ssl.raiden.beget.com

kucherenko-design.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	kucherenko-design.ru 2 redirects kucherenko-design.ru	66 KB
2	pturmicjainpurbsr.com 1 redirects pturmicjainpurbsr.com	550 B
3	2

	Domain	Requested by
4	kucherenko-design.ru	2 redirects kucherenko-design.ru
2	pturmicjainpurbsr.com	1 redirects
3	2

This site contains no links.

Subject Issuer	Validity	Valid
pturmicjainpurbsr.com R3	`2022-07-28` - `2022-10-26`	3 months	crt.sh
kucherenko-design.ru R3	`2022-08-03` - `2022-11-01`	3 months	crt.sh

This page contains 1 frames:

Primary Page: http://kucherenko-design.ru/wp-admin/user/reply/-/ato/availble/forms/safe/browser/-/office/2022/form/2022/e02630d024b7db4d32161e6a1ee95415/
Frame ID: E05D1D8A87D3D9B9F55F4FDAA8E9C03D
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://pturmicjainpurbsr.com/e HTTP 301
https://pturmicjainpurbsr.com/e/ Page URL
https://kucherenko-design.ru/wp-admin/user/reply/-/ato/availble/forms/safe/browser/-/office/2022/form/2022/ Page URL
https://kucherenko-design.ru/wp-admin/user/reply/-/ato/availble/forms/safe/browser/-/office/2022/form/2022/ HTTP 302
https://kucherenko-design.ru/wp-admin/user/reply/-/ato/availble/forms/safe/browser/-/office/2022/form/202... HTTP 301
http://kucherenko-design.ru/wp-admin/user/reply/-/ato/availble/forms/safe/browser/-/office/2022/form/202... Page URL

Page Statistics

3
Requests

67 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

66 kB
Transfer

350 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://pturmicjainpurbsr.com/e HTTP 301
https://pturmicjainpurbsr.com/e/ Page URL
https://kucherenko-design.ru/wp-admin/user/reply/-/ato/availble/forms/safe/browser/-/office/2022/form/2022/ Page URL
https://kucherenko-design.ru/wp-admin/user/reply/-/ato/availble/forms/safe/browser/-/office/2022/form/2022/ HTTP 302
https://kucherenko-design.ru/wp-admin/user/reply/-/ato/availble/forms/safe/browser/-/office/2022/form/2022/e02630d024b7db4d32161e6a1ee95415 HTTP 301
http://kucherenko-design.ru/wp-admin/user/reply/-/ato/availble/forms/safe/browser/-/office/2022/form/2022/e02630d024b7db4d32161e6a1ee95415/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://pturmicjainpurbsr.com/e HTTP 301
https://pturmicjainpurbsr.com/e/

3 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

/
pturmicjainpurbsr.com/e/
Redirect Chain

https://pturmicjainpurbsr.com/e
https://pturmicjainpurbsr.com/e/

222 B
287 B

385ms
382ms

Document
text/html

217.21.91.71
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://pturmicjainpurbsr.com/e/

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

217.21.91.71 , Germany, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed / PHP/7.4.30

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

content-encoding: br
content-length: 194
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Fri, 26 Aug 2022 06:05:36 GMT
server: LiteSpeed
vary: Accept-Encoding
x-powered-by: PHP/7.4.30

Redirect headers

alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length: 707
content-security-policy: upgrade-insecure-requests
content-type: text/html
date: Fri, 26 Aug 2022 06:05:36 GMT
location: https://pturmicjainpurbsr.com/e/
server: LiteSpeed

GET
H2 200 / Show response
kucherenko-design.ru/wp-admin/user/reply/-/ato/availble/forms/safe/browser/-/office/2022/form/2022/ 274 B
407 B 2401ms
405ms Document
text/html 87.236.16.217
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://kucherenko-design.ru/wp-admin/user/reply/-/ato/availble/forms/safe/browser/-/office/2022/form/2022/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.236.16.217 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.raiden.beget.com
Software: nginx-reuseport/1.21.1 /
Resource Hash: 0032588b8d93a807cf0f48a806ccf125677503a6fabe4105a6dc69e81ace6091

Request headers

Referer: https://pturmicjainpurbsr.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

accept-ranges: bytes
content-length: 274
content-type: text/html
date: Fri, 26 Aug 2022 06:05:38 GMT
etag: "5d558010-112"
last-modified: Thu, 15 Aug 2019 15:53:52 GMT
server: nginx-reuseport/1.21.1

GET
H/1.1

200
OK

Primary Request / Show response
kucherenko-design.ru/wp-admin/user/reply/-/ato/availble/forms/safe/browser/-/office/2022/form/2022/e02630d024b7db4d32161e6a1ee95415/
Redirect Chain

https://kucherenko-design.ru/wp-admin/user/reply/-/ato/availble/forms/safe/browser/-/office/2022/form/2022/
https://kucherenko-design.ru/wp-admin/user/reply/-/ato/availble/forms/safe/browser/-/office/2022/form/2022/e02630d024b7db4d32161e6a1ee95415
http://kucherenko-design.ru/wp-admin/user/reply/-/ato/availble/forms/safe/browser/-/office/2022/form/2022/e02630d024b7db4d32161e6a1ee95415/

233 KB
65 KB

830ms
425ms

Document
text/html

87.236.16.217
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://kucherenko-design.ru/wp-admin/user/reply/-/ato/availble/forms/safe/browser/-/office/2022/form/2022/e02630d024b7db4d32161e6a1ee95415/
Requested by: Host: kucherenko-design.ru
URL: https://kucherenko-design.ru/wp-admin/user/reply/-/ato/availble/forms/safe/browser/-/office/2022/form/2022/
Protocol: HTTP/1.1
Server: 87.236.16.217 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.raiden.beget.com
Software: nginx-reuseport/1.21.1 /
Resource Hash: 24f487e722e8f6b31bf6d7580faf5b74d4b5ff20993decae07fa59a79c4dd585

Request headers

Referer: https://kucherenko-design.ru/wp-admin/user/reply/-/ato/availble/forms/safe/browser/-/office/2022/form/2022/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Fri, 26 Aug 2022 06:05:40 GMT
ETag: W/"3a3ce-5e71eb40c6d32"
Keep-Alive: timeout=30
Last-Modified: Fri, 26 Aug 2022 06:05:39 GMT
Server: nginx-reuseport/1.21.1
Transfer-Encoding: chunked
Vary: Accept-Encoding

Redirect headers

content-length: 431
content-type: text/html; charset=iso-8859-1
date: Fri, 26 Aug 2022 06:05:39 GMT
location: http://kucherenko-design.ru/wp-admin/user/reply/-/ato/availble/forms/safe/browser/-/office/2022/form/2022/e02630d024b7db4d32161e6a1ee95415/
server: nginx-reuseport/1.21.1

GET
DATA 200
OK truncated
/ 113 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 42ded01e719714429c120fcb2076b685587196056c7e75306c7ba0da5fd91721

Request headers

accept-language: en-AU,en;q=0.9
Referer: http://kucherenko-design.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 91e0d494b2136f506c63c13ebf1ac4a220a6e53a176ee4714505cf3703d0bdbb

Request headers

accept-language: en-AU,en;q=0.9
Referer: http://kucherenko-design.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 742 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e470bb1617b294c5f4c8c456278f819d1640b90c2c15e5d237d3c0683aa32a22

Request headers

accept-language: en-AU,en;q=0.9
Referer: http://kucherenko-design.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 844 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 428f159a75c5ab70e22fa870b75a7409a87b7954c427a8ca22dc996af4098c5a

Request headers

accept-language: en-AU,en;q=0.9
Referer: http://kucherenko-design.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type: image/svg+xml

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Australian Government (Government)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			kucherenko-design.ru/	1970-01-20 10:54:13	Name: beget Value: begetok

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

kucherenko-design.ru
pturmicjainpurbsr.com
217.21.91.71
87.236.16.217
0032588b8d93a807cf0f48a806ccf125677503a6fabe4105a6dc69e81ace6091
24f487e722e8f6b31bf6d7580faf5b74d4b5ff20993decae07fa59a79c4dd585
428f159a75c5ab70e22fa870b75a7409a87b7954c427a8ca22dc996af4098c5a
42ded01e719714429c120fcb2076b685587196056c7e75306c7ba0da5fd91721
91e0d494b2136f506c63c13ebf1ac4a220a6e53a176ee4714505cf3703d0bdbb
e470bb1617b294c5f4c8c456278f819d1640b90c2c15e5d237d3c0683aa32a22

kucherenko-design.ru Open in urlscan Pro 87.236.16.217 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

3 Requests

67 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

66 kBTransfer

350 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

3 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

1 Cookies

Security Headers

Indicators

kucherenko-design.ru Open in urlscan Pro
87.236.16.217 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

3
Requests

67 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

66 kB
Transfer

350 kB
Size

1
Cookies

3 HTTP transactions
4 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!