kusen-service-ag.de Open in urlscan Pro
2a06:98c1:3121::3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://grupolegadomx.com/S
Effective URL:
https://kusen-service-ag.de/LN
Submission: On October 11 via manual (October 11th 2024, 10:54:02 am UTC) from DE — Scanned from DE

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 15 HTTP transactions. The main IP is 2a06:98c1:3121::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is kusen-service-ag.de.
TLS certificate: Issued by WE1 on October 8th 2024. Valid for: 3 months.

This is the only time kusen-service-ag.de was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 2	204.93.224.104 204.93.224.104	23352 (SERVERCEN...) (SERVERCENTRAL)
2 15	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
15	3

2 204.93.224.104 (Chicago, United States) 1 redirects

ASN23352 (SERVERCENTRAL, US)
PTR: bh8960.banahosting.com

grupolegadomx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a06:98c1:3121::3 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

kusen-service-ag.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	kusen-service-ag.de 2 redirects kusen-service-ag.de	26 KB
2	grupolegadomx.com 1 redirects grupolegadomx.com	1 KB
15	2

	Domain	Requested by
15	kusen-service-ag.de	2 redirects kusen-service-ag.de grupolegadomx.com
2	grupolegadomx.com	1 redirects
15	2

This site contains no links.

Subject Issuer	Validity	Valid
*.grupolegadomx.com R10	`2024-10-08` - `2025-01-06`	3 months	crt.sh
kusen-service-ag.de WE1	`2024-10-08` - `2025-01-06`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://kusen-service-ag.de/LN
Frame ID: CA9DAC100EB04CC05F373E228F7DA77F
Requests: 11 HTTP requests in this frame

Frame: https://kusen-service-ag.de/cdn-cgi/challenge-platform/h/b/scripts/jsd/62ec4f065604/main.js
Frame ID: D809CFE410F02E0A59D1685BFD0FC976
Requests: 2 HTTP requests in this frame

Frame: https://kusen-service-ag.de/cdn-cgi/challenge-platform/scripts/jsd/main.js
Frame ID: F633F2E98D2E8ADB40242CE117F5C58C
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

403 Forbidden

Page URL History Show full URLs

https://grupolegadomx.com/S HTTP 301
https://grupolegadomx.com/S/ Page URL
https://kusen-service-ag.de/LN Page URL
https://kusen-service-ag.de/cdn-cgi/phish-bypass?atok=IlIyCPCpIXv4TSJ4xSwJH8ZtGMLcyI80sQrp4Ghk0vM-172864... HTTP 301
https://kusen-service-ag.de/LN Page URL
https://kusen-service-ag.de/LN Page URL

Page Statistics

15
Requests

80 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

26 kB
Transfer

53 kB
Size

12
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://grupolegadomx.com/S HTTP 301
https://grupolegadomx.com/S/ Page URL
https://kusen-service-ag.de/LN Page URL
https://kusen-service-ag.de/cdn-cgi/phish-bypass?atok=IlIyCPCpIXv4TSJ4xSwJH8ZtGMLcyI80sQrp4Ghk0vM-1728644033-0.0.1.1-%2FLN HTTP 301
https://kusen-service-ag.de/LN Page URL
https://kusen-service-ag.de/LN Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://grupolegadomx.com/S HTTP 301
https://grupolegadomx.com/S/

Request Chain 6

https://kusen-service-ag.de/cdn-cgi/phish-bypass?atok=IlIyCPCpIXv4TSJ4xSwJH8ZtGMLcyI80sQrp4Ghk0vM-1728644033-0.0.1.1-%2FLN HTTP 301
https://kusen-service-ag.de/LN

Request Chain 9

https://kusen-service-ag.de/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://kusen-service-ag.de/cdn-cgi/challenge-platform/h/b/scripts/jsd/62ec4f065604/main.js

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

/ Show response
grupolegadomx.com/S/
Redirect Chain

https://grupolegadomx.com/S
https://grupolegadomx.com/S/

146 B
173 B

272ms
271ms

Document
text/html

204.93.224.104
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to

Full URL: https://grupolegadomx.com/S/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 204.93.224.104 Chicago, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: bh8960.banahosting.com
Software: /
Resource Hash: ea29a79f2d14d9364b0e7a57dc4575054c9e8ffc79d724a14b31e51b10dea7b8

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

content-encoding: br
content-length: 103
content-type: text/html; charset=UTF-8
date: Fri, 11 Oct 2024 10:53:53 GMT
vary: Accept-Encoding

Redirect headers

alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length: 795
content-type: text/html
date: Fri, 11 Oct 2024 10:53:53 GMT
location: https://grupolegadomx.com/S/

GET
H3 200 LN Show response
kusen-service-ag.de/ 4 KB
2 KB 70ms
33ms Document
text/html 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kusen-service-ag.de/LN

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6e57f9439c41b94306257cd9b1e5b00f5de6371af3b86ea35affce5f308bd46e

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://grupolegadomx.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cf-ray: 8d0e4f1abe26dbec-FRA
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Fri, 11 Oct 2024 10:53:53 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zf7qPISVdmBEJPpb57OaMJ2Tn6amgxWuVQb4aeH9CnPJXGvFQCqylz9saymBihHpkR%2BXs%2BIe7Fgw5V8ih9AMlLitpFwbk1fml9Ktv1yx1LQPOiBvlMvq6DAw%2BEFLB7AvSn6OOrQxyjHICovj0lXKhW36"}],"group":"cf-nel","max_age":604800}
server: cloudflare
speculation-rules: "/cdn-cgi/speculation"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET favicon.ico
grupolegadomx.com/ 0
0

GET
H3 200 speculation
kusen-service-ag.de/cdn-cgi/ 128 B
573 B 27ms
26ms Other
application/speculationrules+json 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://kusen-service-ag.de/cdn-cgi/speculation
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 11a2142988720cd49ff000e5d488493947b3d34821301c5a706b3495b8381f7d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://kusen-service-ag.de
Referer: https://kusen-service-ag.de/LN

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=48HneFn2P6KsnvyVrQtn2m5DmL4iEPTkZBbT6NJ3ibT0Gi28r40IDBCyB%2FY6JNj7%2BqhJzoxKG4h8MTIltc8DN9KTUYXUIT5eKrT3RG4H9fPj4G9GkYVP8Euajhhs4nctvvU1OwLIvsYttOsIYFNSTPY1"}],"group":"cf-nel","max_age":604800}
cf-ray: 8d0e4f1b1f36dbec-FRA
access-control-allow-origin: https://kusen-service-ag.de
alt-svc: h3=":443"; ma=86400
content-length: 128
date: Fri, 11 Oct 2024 10:53:53 GMT
content-type: application/speculationrules+json
vary: Origin, Accept-Encoding
server: cloudflare

GET
H3 200 cf.errors.css
kusen-service-ag.de/cdn-cgi/styles/ 23 KB
5 KB 23ms
23ms Stylesheet
text/css 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kusen-service-ag.de/cdn-cgi/styles/cf.errors.css

Requested by

Host: kusen-service-ag.de
URL: https://kusen-service-ag.de/LN

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://kusen-service-ag.de/LN

Response headers

vary: Accept-Encoding
cache-control: max-age=7200, public
content-encoding: gzip
etag: W/"67055fb5-5df3"
x-content-type-options: nosniff
cf-ray: 8d0e4f1b1f3bdbec-FRA
expires: Fri, 11 Oct 2024 12:53:53 GMT
date: Fri, 11 Oct 2024 10:53:53 GMT
content-type: text/css
last-modified: Tue, 08 Oct 2024 16:37:09 GMT
server: cloudflare
x-frame-options: DENY

GET
H3 200 icon-exclamation.png
kusen-service-ag.de/cdn-cgi/images/ 452 B
635 B 24ms
24ms Image
image/png 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kusen-service-ag.de/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: kusen-service-ag.de
URL: https://kusen-service-ag.de/cdn-cgi/styles/cf.errors.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://kusen-service-ag.de/cdn-cgi/styles/cf.errors.css

Response headers

vary: Accept-Encoding
cache-control: max-age=7200, public
etag: "67055fb5-1c4"
x-content-type-options: nosniff
cf-ray: 8d0e4f1b4fc4dbec-FRA
expires: Fri, 11 Oct 2024 12:53:53 GMT
accept-ranges: bytes
content-length: 452
date: Fri, 11 Oct 2024 10:53:53 GMT
content-type: image/png
last-modified: Tue, 08 Oct 2024 16:37:09 GMT
server: cloudflare
x-frame-options: DENY

GET
H3

503

LN Show response
kusen-service-ag.de/
Redirect Chain

https://kusen-service-ag.de/cdn-cgi/phish-bypass?atok=IlIyCPCpIXv4TSJ4xSwJH8ZtGMLcyI80sQrp4Ghk0vM-1728644033-0.0.1.1-%2FLN
https://kusen-service-ag.de/LN

7 KB
8 KB

172ms
172ms

Document
text/html

2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kusen-service-ag.de/LN

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d97e9b703c73f355af78e0c6dedb0bed2a9841fd1d2669b6004c77022c477b6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block 1; mode=block

Request headers

Referer: https://kusen-service-ag.de/LN
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-cache-status: DYNAMIC
cf-ray: 8d0e4f332bb0dbec-FRA
content-type: text/html; charset=utf-8
date: Fri, 11 Oct 2024 10:53:57 GMT
expires: 0
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8YnJata%2FI2HimfdEn56jBochbL6BxF5M8GTl9uVeXfj6bVJr4TOSerOTURYy%2BK8dpBIdBcEKnM5Nu8HuBAoarjnOZQzIXHFegaqjjPFWThvLS0Kx5Ip9PpoYqP7buRHJ79LbBLlDfGkc%2FhScS26%2FlF5T"}],"group":"cf-nel","max_age":604800}
server: cloudflare
speculation-rules: "/cdn-cgi/speculation"
x-content-type-options: nosniff nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block 1; mode=block

Redirect headers

cache-control: private, no-cache
cf-ray: 8d0e4f330b36dbec-FRA
content-length: 167
content-type: text/html
date: Fri, 11 Oct 2024 10:53:57 GMT
location: https://kusen-service-ag.de/LN
server: cloudflare
x-content-type-options: nosniff
x-frame-options: DENY

GET
H3 200 speculation
kusen-service-ag.de/cdn-cgi/ 128 B
578 B 29ms
29ms Other
application/speculationrules+json 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://kusen-service-ag.de/cdn-cgi/speculation
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 11a2142988720cd49ff000e5d488493947b3d34821301c5a706b3495b8381f7d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://kusen-service-ag.de
Referer: https://kusen-service-ag.de/LN

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8QJO3LyMF5ZZnJ%2BGiN%2BPmjO7t4h1XjUedjMdVVyEjxJY4MWigSp0fPc7cO5LkZShmF6hIh2Ld%2F76ycUBZlwG9OaMgQkqmVhUZHnO5d3ptJyav9LCk26T%2Fgs63HXh0LfbuKDoiObFd3Od6sH951rq%2FjXq"}],"group":"cf-nel","max_age":604800}
cf-ray: 8d0e4f345f77dbec-FRA
access-control-allow-origin: https://kusen-service-ag.de
alt-svc: h3=":443"; ma=86400
content-length: 128
date: Fri, 11 Oct 2024 10:53:57 GMT
content-type: application/speculationrules+json
vary: Origin, Accept-Encoding
server: cloudflare

POST
H3 204 LN
kusen-service-ag.de/ 0
924 B 110ms
109ms XHR
text/plain 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kusen-service-ag.de/LN

Requested by

Host: grupolegadomx.com
URL: https://grupolegadomx.com/S/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
X-Requested-TimeStamp-Combination
Referer: https://kusen-service-ag.de/LN
X-Requested-TimeStamp
X-Requested-Type-Combination: GET
Q99i9XGhDXzLxQdeZC8EJAeX-FI: 30343034
X-Requested-with: XMLHttpRequest
PHZd--3qhIKsyrq40WlSb4vXe0: fLooHYzM2TjLwjRCXfCEdguoINw
X-Requested-Type: GET
Content-type: application/x-www-form-urlencoded
X-Requested-TimeStamp-Expire

Response headers

cache-control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: DYNAMIC
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=55hqyHkt6hdH%2BaEPH%2Fhh%2FmRh0dmXgfdPDmatU%2FBgSMxsLV%2BldjDihmgHUQ2s%2BWu1mL0kdc9w2yFWFs6ECOo9qWCzJipNy9pONy3Zzpuir7Kc87OU3ekieGXCg0NuH7%2BHijlcMHSolPnT887JX3vLbbZN"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff, nosniff
cf-ray: 8d0e4f347fd5dbec-FRA
expires: 0
alt-svc: h3=":443"; ma=86400
date: Fri, 11 Oct 2024 10:53:57 GMT
x-xss-protection: 1; mode=block, 1; mode=block
server: cloudflare
x-frame-options: SAMEORIGIN

GET
H3

200

main.js Show response
kusen-service-ag.de/cdn-cgi/challenge-platform/h/b/scripts/jsd/62ec4f065604/ Frame D809
Redirect Chain

https://kusen-service-ag.de/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://kusen-service-ag.de/cdn-cgi/challenge-platform/h/b/scripts/jsd/62ec4f065604/main.js?

8 KB
4 KB

28ms
28ms

Script
application/javascript

2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kusen-service-ag.de/cdn-cgi/challenge-platform/h/b/scripts/jsd/62ec4f065604/main.js?

Protocol

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

74c82be6d0578eca09343788b8d6dfebd29370660912a71f882f3e4badc05709

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

cache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SAYMrs6mfln5Yz%2BYvCqCH4XnoY%2BiPVu3bfzFvlhBp5ElhqNKU2t5bu2HAXOFDXzUm6628wK5nZoWQLLIpsDi%2Bsm4stgIoQF%2FpSoBgw1Nlbi4CwQt559lIPg%2FXtA2dfx5%2BRBpqJra8%2BtbgEmW0guJsXGX"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
cf-ray: 8d0e4f34a86bdbec-FRA
alt-svc: h3=":443"; ma=86400
date: Fri, 11 Oct 2024 10:53:57 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: cloudflare

Redirect headers

cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/62ec4f065604/main.js?
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pA24b6WwlEuwhq%2FCXB2bZPEiUZ34LNinZ%2Fm7eG1edNqJ5m1e0Z1tHM4JgdfW%2F%2BM4ULDAkAEmZbKvQQoCTgrbVUhEKA7NS6zBu3CmeugXxHoN3wCS7M%2FKYV95HVqZTs%2BZf0ofTQ2z1jLgI1%2BhvWDFyj9t"}],"group":"cf-nel","max_age":604800}
cf-ray: 8d0e4f347fdbdbec-FRA
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Fri, 11 Oct 2024 10:53:57 GMT
vary: Accept-Encoding
server: cloudflare

POST
H3 200 8d0e4f332bb0dbec
kusen-service-ag.de/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame D809 0
967 B 42ms
36ms XHR
text/plain 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://kusen-service-ag.de/cdn-cgi/challenge-platform/h/b/jsd/r/8d0e4f332bb0dbec
Requested by: Host: kusen-service-ag.de
URL: https://kusen-service-ag.de/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/json
Referer

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0%2B6VIL8yRX2AzkiBq1vB7MJXbiCMND896NWR3%2Btut6oJC3%2FJG8j8f2xXqv7YMPbRg1Z3EXGM6SVEjDV8i6AlyWtgdbAGV9oZWBzPdvA%2FXx0ZgBAqhXfqRZ2YD1zkmL4hRE4e28p0Zn8TcFkF8LDEpioF"}],"group":"cf-nel","max_age":604800}
cf-ray: 8d0e4f353a31dbec-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Fri, 11 Oct 2024 10:53:57 GMT
content-type: text/plain; charset=UTF-8
server: cloudflare

GET
H3 403 Primary Request LN Show response
kusen-service-ag.de/ 1 KB
1 KB 81ms
81ms Document
text/html 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kusen-service-ag.de/LN

Requested by

Host: grupolegadomx.com
URL: https://grupolegadomx.com/S/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6b6bf22a76973bd2c09c40bf0fb8ac6594e72c4164ba569aec46ddfd86c25452

Security Headers

Name	Value
X-Content-Type-Options	nosniff nosniff
X-Xss-Protection	1; mode=block 1; mode=block

Request headers

Referer: https://kusen-service-ag.de/LN
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8d0e4f353a3adbec-FRA
content-encoding: zstd
content-type: text/html
date: Fri, 11 Oct 2024 10:53:58 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ojc3frNbkRPWRF%2BLtpyFV%2BKVPVBPLk5QjYFbi%2Baw9wyoiCo1FkYPKRutExHnvYVZus9FnbxFR5Ied2i%2B6efdydC2%2F1wGR7zjKDHE1sfxXyhNPmZTs9H9mKacQ2tivOn7AetpOXE1NaJNcZW8tNqhGIGs"}],"group":"cf-nel","max_age":604800}
server: cloudflare
speculation-rules: "/cdn-cgi/speculation"
vary: Accept-Encoding
x-content-type-options: nosniff nosniff
x-xss-protection: 1; mode=block 1; mode=block

GET
H3 200 speculation
kusen-service-ag.de/cdn-cgi/ 128 B
577 B 28ms
28ms Other
application/speculationrules+json 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://kusen-service-ag.de/cdn-cgi/speculation
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 11a2142988720cd49ff000e5d488493947b3d34821301c5a706b3495b8381f7d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://kusen-service-ag.de
Referer: https://kusen-service-ag.de/LN

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qmeLpjqLOLrzStfuNkSk49vexQwq7oeMPS2yGLFgLTZ%2B1TIRsLXuzTYaw3KOgIu5oiS%2FcDguC3LLX76ilBCOe1uGp7q%2F5adD5tRuQp32lq5gyX3HwHIa%2Fx8n7MHqPWnvUUQTBwTLl7O5AsKaiOzrQleb"}],"group":"cf-nel","max_age":604800}
cf-ray: 8d0e4f35cc08dbec-FRA
access-control-allow-origin: https://kusen-service-ag.de
alt-svc: h3=":443"; ma=86400
content-length: 128
date: Fri, 11 Oct 2024 10:53:58 GMT
content-type: application/speculationrules+json
vary: Origin, Accept-Encoding
server: cloudflare

GET
H3 200 main.js Show response
kusen-service-ag.de/cdn-cgi/challenge-platform/scripts/jsd/ Frame F633 8 KB
0 28ms
28ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kusen-service-ag.de/cdn-cgi/challenge-platform/scripts/jsd/main.js

Requested by

Host: grupolegadomx.com
URL: https://grupolegadomx.com/S/

Protocol

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

74c82be6d0578eca09343788b8d6dfebd29370660912a71f882f3e4badc05709

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

cache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SAYMrs6mfln5Yz%2BYvCqCH4XnoY%2BiPVu3bfzFvlhBp5ElhqNKU2t5bu2HAXOFDXzUm6628wK5nZoWQLLIpsDi%2Bsm4stgIoQF%2FpSoBgw1Nlbi4CwQt559lIPg%2FXtA2dfx5%2BRBpqJra8%2BtbgEmW0guJsXGX"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
cf-ray: 8d0e4f34a86bdbec-FRA
alt-svc: h3=":443"; ma=86400
date: Fri, 11 Oct 2024 10:53:57 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: cloudflare

POST
H3 200 8d0e4f353a3adbec Show response
kusen-service-ag.de/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame F633 0
970 B 37ms
30ms XHR
text/plain 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://kusen-service-ag.de/cdn-cgi/challenge-platform/h/b/jsd/r/8d0e4f353a3adbec
Requested by: Host: kusen-service-ag.de
URL: https://kusen-service-ag.de/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/json
Referer

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lUU%2BNxxXw2tjuwywqY5dE12Vq4RK8t%2FEflOqPvibGXNvMdyOHkWXkWmeDn6IfesyC6z0MMcmk9rq8MjaF5bATmoiiA9nKBRTmAC4wUWz2swbw%2BI1d6kRsHWSoIRdL26izDLQIrHlI%2BUWmEIzgM%2F9OhnY"}],"group":"cf-nel","max_age":604800}
cf-ray: 8d0e4f362d1ddbec-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Fri, 11 Oct 2024 10:53:58 GMT
content-type: text/plain; charset=UTF-8
server: cloudflare

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: grupolegadomx.com
URL: https://grupolegadomx.com/favicon.ico

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0

12 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.kusen-service-ag.de/	1970-01-21 00:12:10	Name: __cf_mw_byp Value: IlIyCPCpIXv4TSJ4xSwJH8ZtGMLcyI80sQrp4Ghk0vM-1728644033-0.0.1.1-/LN
kusen-service-ag.de/	1970-01-21 00:12:10	Name: oi3D1agyIAQt01JD0Nfm3xaw5yk Value: GSOAWecbrXhZYSkIzMJnTly469E
kusen-service-ag.de/	1970-01-21 00:12:10	Name: AwzMQ2M42ogy81c_36cAwXsfjvE Value: 1728644005
kusen-service-ag.de/	1970-01-21 00:12:10	Name: 3LDU86tNFzaUKdR8nA-Jzo9U4e0 Value: 1728730405
kusen-service-ag.de/	1970-01-21 00:12:10	Name: kNkPYhUAzZLrBosjcxhJx2UID2o Value: IWjxe9oqHLsXsgL8izzgSwgA3Xc
kusen-service-ag.de/	1970-01-21 00:12:10	Name: -YRuW7_mNpoIfdwF8NK3e75oGMc Value: 3c9fmtqcxI0q94c-uj9m8y8ovIs
kusen-service-ag.de/	1970-01-21 00:12:10	Name: kp8A4yvJayMuwUEPotVT4iQPTGU Value: cHtpQMiy4f2v1WctU8IOVvooiBI
kusen-service-ag.de/	1970-01-21 00:12:10	Name: HWiqheSVTeyYS9G5CGQ5CwnUptk Value: 1728644037
kusen-service-ag.de/	1970-01-21 00:12:10	Name: hE4XWvNHskehaN3oCPaKvYZiaGs Value: 1728730437
kusen-service-ag.de/	1970-01-21 00:12:10	Name: Vp5KnNbvQqeSCDjGrWXLLpFlDMc Value: D5LJUw9GI-mjGmHnmGM981g0pv0
kusen-service-ag.de/	1970-01-21 00:12:10	Name: 9vcz4-a_wT16IkfAZMbzHVWWHSk Value: K-cG1liS1gVTcYVFWD4SKhP4Tog
.kusen-service-ag.de/	1970-01-21 08:56:20	Name: cf_clearance Value: 95XxbAjRYH28vwM6aiKuArMFbJLkC2.AoIaT.bXicuU-1728644038-1.2.1.1-MV1hk.3993GPADnhNbTpW6BQeLEzHDQOK5ogpS.kGChW0HJoNFXqNF4A8PTRWHrnKUpHObniNyNBQyZmLGd8feYQsjpkigTpM6uiXlcU0USpGlG0GtivRBVgI0vhqDEOB9MrltmORnfsEXpkQNZX9ZvjMZu8247TQ5w_FJrq_sO2Mzbh8hrxIaRxDz9Lj3qZmilbS4HLRgNxu7UGKTmm9aLGChoGP6QgqgMvnJJeWjWM8VNpbSbWUJbe58w88QJlkYz6IlD7Ib64Ekx56YzxvPBL7T1Iwnw6zlGQokw5k4YBjGGV5ePxBTL5cpKmG9EgfyvQ46K4gJ38fmRYk59KUrTkAQEQVOCAF0kQYl2USklf92Gz28IyeVJoKaCisYkj

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://kusen-service-ag.de/LN Message: Failed to load resource: the server responded with a status of 503 ()
network	error	URL: https://kusen-service-ag.de/LN Message: Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

grupolegadomx.com
kusen-service-ag.de
grupolegadomx.com
204.93.224.104
2a06:98c1:3121::3
11a2142988720cd49ff000e5d488493947b3d34821301c5a706b3495b8381f7d
6b6bf22a76973bd2c09c40bf0fb8ac6594e72c4164ba569aec46ddfd86c25452
6e57f9439c41b94306257cd9b1e5b00f5de6371af3b86ea35affce5f308bd46e
74c82be6d0578eca09343788b8d6dfebd29370660912a71f882f3e4badc05709
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
d97e9b703c73f355af78e0c6dedb0bed2a9841fd1d2669b6004c77022c477b6e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ea29a79f2d14d9364b0e7a57dc4575054c9e8ffc79d724a14b31e51b10dea7b8
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

kusen-service-ag.de Open in urlscan Pro 2a06:98c1:3121::3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

15 Requests

80 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

3 IPs

1 Countries

26 kBTransfer

53 kBSize

12 Cookies

0 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

12 Cookies

2 Console Messages

Indicators

kusen-service-ag.de Open in urlscan Pro
2a06:98c1:3121::3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

80 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

26 kB
Transfer

53 kB
Size

12
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!