kusen-service-ag.de Open in urlscan Pro
188.114.97.3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://grupofrk.com/S
Effective URL:
https://kusen-service-ag.de/LN
Submission: On October 11 via manual (October 11th 2024, 10:55:39 am UTC) from DE — Scanned from DE

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 16 HTTP transactions. The main IP is 188.114.97.3, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is kusen-service-ag.de.
TLS certificate: Issued by WE1 on October 8th 2024. Valid for: 3 months.

This is the only time kusen-service-ag.de was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 3	204.93.224.117 204.93.224.117	23352 (SERVERCEN...) (SERVERCENTRAL)
2 15	188.114.97.3 188.114.97.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
16	3

3 204.93.224.117 (Chicago, United States) 1 redirects

ASN23352 (SERVERCENTRAL, US)
PTR: bh8962.banahosting.com

grupofrk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 188.114.97.3 (Amsterdam, Netherlands) 2 redirects

ASN13335 (CLOUDFLARENET, US)

kusen-service-ag.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	kusen-service-ag.de 2 redirects kusen-service-ag.de	39 KB
3	grupofrk.com 1 redirects grupofrk.com	3 KB
16	2

	Domain	Requested by
15	kusen-service-ag.de	2 redirects kusen-service-ag.de grupofrk.com
3	grupofrk.com	1 redirects
16	2

This site contains no links.

Subject Issuer	Validity	Valid
*.7t7t5.grupofrk.com R11	`2024-09-28` - `2024-12-27`	3 months	crt.sh
kusen-service-ag.de WE1	`2024-10-08` - `2025-01-06`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://kusen-service-ag.de/LN
Frame ID: B7D4DDFF33B3B69DF13601420162F87C
Requests: 13 HTTP requests in this frame

Frame: https://kusen-service-ag.de/cdn-cgi/challenge-platform/h/b/scripts/jsd/62ec4f065604/main.js
Frame ID: 288B990EFEE7B6F2334963D1004DBFE5
Requests: 1 HTTP requests in this frame

Frame: https://kusen-service-ag.de/cdn-cgi/challenge-platform/h/b/scripts/jsd/62ec4f065604/main.js
Frame ID: 01D1978E0987C1E33772988C6D8C5A23
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

403 Forbidden

Page URL History Show full URLs

https://grupofrk.com/S HTTP 301
https://grupofrk.com/S/ Page URL
https://kusen-service-ag.de/LN Page URL
https://kusen-service-ag.de/cdn-cgi/phish-bypass?atok=QUKzfR7kTmN9PyGYeh64Fpw5Fvsy1C1S5rX.bYOlrIw-172864... HTTP 301
https://kusen-service-ag.de/LN Page URL
https://kusen-service-ag.de/LN Page URL

Page Statistics

16
Requests

88 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

40 kB
Transfer

63 kB
Size

12
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://grupofrk.com/S HTTP 301
https://grupofrk.com/S/ Page URL
https://kusen-service-ag.de/LN Page URL
https://kusen-service-ag.de/cdn-cgi/phish-bypass?atok=QUKzfR7kTmN9PyGYeh64Fpw5Fvsy1C1S5rX.bYOlrIw-1728644130-0.0.1.1-%2FLN HTTP 301
https://kusen-service-ag.de/LN Page URL
https://kusen-service-ag.de/LN Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://grupofrk.com/S HTTP 301
https://grupofrk.com/S/

Request Chain 7

https://kusen-service-ag.de/cdn-cgi/phish-bypass?atok=QUKzfR7kTmN9PyGYeh64Fpw5Fvsy1C1S5rX.bYOlrIw-1728644130-0.0.1.1-%2FLN HTTP 301
https://kusen-service-ag.de/LN

Request Chain 10

https://kusen-service-ag.de/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://kusen-service-ag.de/cdn-cgi/challenge-platform/h/b/scripts/jsd/62ec4f065604/main.js

Request Chain 13

https://kusen-service-ag.de/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://kusen-service-ag.de/cdn-cgi/challenge-platform/h/b/scripts/jsd/62ec4f065604/main.js

16 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

/ Show response
grupofrk.com/S/
Redirect Chain

https://grupofrk.com/S
https://grupofrk.com/S/

146 B
174 B

229ms
228ms

Document
text/html

204.93.224.117
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to

Full URL: https://grupofrk.com/S/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 204.93.224.117 Chicago, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: bh8962.banahosting.com
Software: LiteSpeed /
Resource Hash: ea29a79f2d14d9364b0e7a57dc4575054c9e8ffc79d724a14b31e51b10dea7b8

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

content-encoding: br
content-length: 103
content-type: text/html; charset=UTF-8
date: Fri, 11 Oct 2024 10:55:29 GMT
server: LiteSpeed
vary: Accept-Encoding

Redirect headers

alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length: 795
content-type: text/html
date: Fri, 11 Oct 2024 10:55:29 GMT
location: https://grupofrk.com/S/
server: LiteSpeed

GET
H3 200 LN Show response
kusen-service-ag.de/ 4 KB
2 KB 273ms
130ms Document
text/html 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kusen-service-ag.de/LN

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

69eb98070ed1b785982a725273d879394e47020456de736971da8544a399d089

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://grupofrk.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cf-ray: 8d0e51780837dc76-FRA
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Fri, 11 Oct 2024 10:55:30 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L5BjDDUHpPy3gCUsY%2F%2FXMTT10KgIfySLEufOor25dg1MRK6tEwjLOlznDxjtZb%2FYHJnfspFUGCHlf6sPezGJPSgPp4Ih05XZb0wlNYDUamDGzQ3Z07NO3r0V95cfdOLVpYmyCdFs"}],"group":"cf-nel","max_age":604800}
server: cloudflare
speculation-rules: "/cdn-cgi/speculation"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H3 404 favicon.ico
grupofrk.com/ 1 KB
1 KB 128ms
127ms Other
text/html 204.93.224.117
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to

Full URL: https://grupofrk.com/favicon.ico
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 204.93.224.117 Chicago, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: bh8962.banahosting.com
Software: LiteSpeed /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://grupofrk.com/S/

Response headers

cache-control: private, no-cache, no-store, must-revalidate, max-age=0
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length: 1251
pragma: no-cache
date: Fri, 11 Oct 2024 10:55:29 GMT
content-type: text/html
server: LiteSpeed

GET
H3 200 speculation
kusen-service-ag.de/cdn-cgi/ 128 B
564 B 140ms
139ms Other
application/speculationrules+json 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://kusen-service-ag.de/cdn-cgi/speculation
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 11a2142988720cd49ff000e5d488493947b3d34821301c5a706b3495b8381f7d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://kusen-service-ag.de
Referer: https://kusen-service-ag.de/LN

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=USy0q4NOtpSfQ8oEKcwaz3vIo7xBSM8RMywIsBNcR%2BktMIizlf4X9qPJRgnlo0f%2FyaeOut48zdw%2FfpBM1kHHOWDWYL0pNsrnZ51wSKhZF%2Bp%2Fv4X61Raij7i2SUu9fLlMwyu2QTf0"}],"group":"cf-nel","max_age":604800}
cf-ray: 8d0e51791b74dc76-FRA
access-control-allow-origin: https://kusen-service-ag.de
alt-svc: h3=":443"; ma=86400
content-length: 128
date: Fri, 11 Oct 2024 10:55:30 GMT
content-type: application/speculationrules+json
vary: Origin, Accept-Encoding
server: cloudflare

GET
H3 200 cf.errors.css
kusen-service-ag.de/cdn-cgi/styles/ 23 KB
5 KB 135ms
135ms Stylesheet
text/css 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kusen-service-ag.de/cdn-cgi/styles/cf.errors.css

Requested by

Host: kusen-service-ag.de
URL: https://kusen-service-ag.de/LN

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://kusen-service-ag.de/LN

Response headers

vary: Accept-Encoding
cache-control: max-age=7200, public
content-encoding: gzip
etag: W/"67000b16-5df3"
x-content-type-options: nosniff
cf-ray: 8d0e51791b79dc76-FRA
expires: Fri, 11 Oct 2024 12:55:30 GMT
date: Fri, 11 Oct 2024 10:55:30 GMT
content-type: text/css
last-modified: Fri, 04 Oct 2024 15:34:46 GMT
server: cloudflare
x-frame-options: DENY

GET
H3 200 icon-exclamation.png
kusen-service-ag.de/cdn-cgi/images/ 452 B
634 B 136ms
136ms Image
image/png 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kusen-service-ag.de/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: kusen-service-ag.de
URL: https://kusen-service-ag.de/cdn-cgi/styles/cf.errors.css

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://kusen-service-ag.de/cdn-cgi/styles/cf.errors.css

Response headers

vary: Accept-Encoding
cache-control: max-age=7200, public
etag: "67000b16-1c4"
x-content-type-options: nosniff
cf-ray: 8d0e517a0f2bdc76-FRA
expires: Fri, 11 Oct 2024 12:55:30 GMT
accept-ranges: bytes
content-length: 452
date: Fri, 11 Oct 2024 10:55:30 GMT
content-type: image/png
last-modified: Fri, 04 Oct 2024 15:34:46 GMT
server: cloudflare
x-frame-options: DENY

GET
H3 200 favicon.ico
kusen-service-ag.de/ 4 KB
2 KB 129ms
129ms Other
text/html 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kusen-service-ag.de/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a257680442efc8654d894a398b6dfb742a59aaa95745e08e50838ccca79cf9f6

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://kusen-service-ag.de/LN

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
speculation-rules: "/cdn-cgi/speculation"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VZUG1EL3UUOkgLTJ1Z3CLsw5EWhwYcUloMo82H365isXU%2FYnn9LnejJCzi2W5792aPtollKycibRPuNwbsAJlePOp9f%2FK1sxLRWQP9qCju85mCOMjjmwCykINn6z1HjnN%2BdTMhba"}],"group":"cf-nel","max_age":604800}
cf-ray: 8d0e517ae9f1dc76-FRA
date: Fri, 11 Oct 2024 10:55:31 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: cloudflare
x-frame-options: SAMEORIGIN

GET
H3

503

LN Show response
kusen-service-ag.de/
Redirect Chain

https://kusen-service-ag.de/cdn-cgi/phish-bypass?atok=QUKzfR7kTmN9PyGYeh64Fpw5Fvsy1C1S5rX.bYOlrIw-1728644130-0.0.1.1-%2FLN
https://kusen-service-ag.de/LN

19 KB
19 KB

212ms
211ms

Document
text/html

188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kusen-service-ag.de/LN

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8b978035fcdfdee077e2204a113d68642e2618156129c56822806a42671a3029

Security Headers

Name	Value
X-Content-Type-Options	nosniff nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block 1; mode=block

Request headers

Referer: https://kusen-service-ag.de/LN
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-cache-status: DYNAMIC
cf-ray: 8d0e519218badc76-FRA
content-type: text/html; charset=utf-8
date: Fri, 11 Oct 2024 10:55:34 GMT
expires: 0
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J0rmWdC5zQwy0DRyB40BgOxWaqZzQh4TfTum20GIguCHNF4y2%2BJ8n4DV%2F8tR38aUKyg2%2BCIX1PTarTp5aXHTBgOFztUABPsPk4aYVBAljCbo6x6rwDhvBfOnT%2FvCpL%2FTvPbk9PDS"}],"group":"cf-nel","max_age":604800}
server: cloudflare
speculation-rules: "/cdn-cgi/speculation"
x-content-type-options: nosniff nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block 1; mode=block

Redirect headers

cache-control: private, no-cache
cf-ray: 8d0e51913e18dc76-FRA
content-length: 167
content-type: text/html
date: Fri, 11 Oct 2024 10:55:34 GMT
location: https://kusen-service-ag.de/LN
server: cloudflare
x-content-type-options: nosniff
x-frame-options: DENY

GET
H3 200 speculation
kusen-service-ag.de/cdn-cgi/ 128 B
565 B 142ms
141ms Other
application/speculationrules+json 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://kusen-service-ag.de/cdn-cgi/speculation
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 11a2142988720cd49ff000e5d488493947b3d34821301c5a706b3495b8381f7d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://kusen-service-ag.de
Referer: https://kusen-service-ag.de/LN

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w%2ByF1KYhB5XhF9DCgMJWjnLkiAZI0S6uCdB9yTHb%2BCaX4XL3MGnW%2BlxJt56X7fmF43249Z0qbvIxF8EhfeIjJKn1AZyJmbzOCSG2kieULiOe%2BcYC6EBk1wtNC2NP7qRVPCg9yiT1"}],"group":"cf-nel","max_age":604800}
cf-ray: 8d0e5193bdbcdc76-FRA
access-control-allow-origin: https://kusen-service-ag.de
alt-svc: h3=":443"; ma=86400
content-length: 128
date: Fri, 11 Oct 2024 10:55:35 GMT
content-type: application/speculationrules+json
vary: Origin, Accept-Encoding
server: cloudflare

POST
H3 204 LN
kusen-service-ag.de/ 0
908 B 192ms
191ms XHR
text/plain 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kusen-service-ag.de/LN

Requested by

Host: grupofrk.com
URL: https://grupofrk.com/S/

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
X-Requested-TimeStamp-Combination
Referer: https://kusen-service-ag.de/LN
X-Requested-TimeStamp
X-Requested-Type-Combination: GET
mF0RHv-9XG0ppoH9uJFh-GQUv9Y: 30343034
X-Requested-with: XMLHttpRequest
PHZd--3qhIKsyrq40WlSb4vXe0: fLooHYzM2TjLwjRCXfCEdguoINw
X-Requested-Type: GET
Content-type: application/x-www-form-urlencoded
X-Requested-TimeStamp-Expire

Response headers

cache-control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: DYNAMIC
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XuZGVGifayst%2FX7DtWjX18bKsw%2BBjKQVYe9%2BLjYE2cFFb0hkePJsdC5fgmPJWuEOOd7VYwaO21SjVYtnOoPpcJ1RRTRH%2BDMhHQrdSZncPGuUqwq6%2Bbtcldwr7bbnGehEKzrF5pLQ"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff, nosniff
cf-ray: 8d0e51942f2edc76-FRA
expires: 0
alt-svc: h3=":443"; ma=86400
date: Fri, 11 Oct 2024 10:55:35 GMT
x-xss-protection: 1; mode=block, 1; mode=block
server: cloudflare
x-frame-options: SAMEORIGIN

GET

main.js
kusen-service-ag.de/cdn-cgi/challenge-platform/h/b/scripts/jsd/62ec4f065604/ Frame 288B
Redirect Chain

https://kusen-service-ag.de/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://kusen-service-ag.de/cdn-cgi/challenge-platform/h/b/scripts/jsd/62ec4f065604/main.js?

0
0

GET
H3 404 favicon.ico
kusen-service-ag.de/ 315 B
789 B 138ms
138ms Other
text/html 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kusen-service-ag.de/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://kusen-service-ag.de/LN

Response headers

content-encoding: zstd
cf-cache-status: HIT
age: 166872
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Swofk93wAXXlrD0e4hgTmSgzhRJ56mCUfiUFc%2B3LOUPeWMtpKrFzSm1GASfB%2FatuNGvsi925M%2BJMcbi1NngkWHTI5YY8%2FZgY1zHymnAo59r1N8gGaemg9gmXbB1sYymccMtqLQP4"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff, nosniff
alt-svc: h3=":443"; ma=86400
date: Fri, 11 Oct 2024 10:55:35 GMT
content-type: text/html; charset=iso-8859-1
vary: Accept-Encoding
cache-control: public, max-age=315360000, stale-while-revalidate=315360000, stale-if-error=315360000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: public
speculation-rules: "/cdn-cgi/speculation"
cf-ray: 8d0e51942f35dc76-FRA
x-xss-protection: 1; mode=block, 1; mode=block
server: cloudflare

GET
H3 403 Primary Request LN Show response
kusen-service-ag.de/ 1 KB
1 KB 194ms
193ms Document
text/html 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kusen-service-ag.de/LN

Requested by

Host: grupofrk.com
URL: https://grupofrk.com/S/

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

41c05927c1f79350dfe3d2d2e8722299e0168c00ca396074b0d42caefc2be62e

Security Headers

Name	Value
X-Content-Type-Options	nosniff nosniff
X-Xss-Protection	1; mode=block 1; mode=block

Request headers

Referer: https://kusen-service-ag.de/LN
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8d0e51956b82dc76-FRA
content-encoding: zstd
content-type: text/html
date: Fri, 11 Oct 2024 10:55:35 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=znNIZTheoDSZyQga5XtYV%2BqYDjF7jF0qwSiYhcjkd8%2Fv14j29chf9pXgTGU1jad7Y8d36STJdmi%2BKwUQB94aChtJPz0Vus8Qnj31MnP1SgZdrh78TzEJOBmEtQe7JVV85E2wwmk0"}],"group":"cf-nel","max_age":604800}
server: cloudflare
speculation-rules: "/cdn-cgi/speculation"
vary: Accept-Encoding
x-content-type-options: nosniff nosniff
x-xss-protection: 1; mode=block 1; mode=block

GET
H3 200 speculation
kusen-service-ag.de/cdn-cgi/ 128 B
564 B 131ms
130ms Other
application/speculationrules+json 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://kusen-service-ag.de/cdn-cgi/speculation
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 11a2142988720cd49ff000e5d488493947b3d34821301c5a706b3495b8381f7d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://kusen-service-ag.de
Referer: https://kusen-service-ag.de/LN

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Uv9Mvw%2BvMcqI0WUWzrJp6uZRiYCZ34RFifww9tjZ9BJexiw8zyFnI2reqwMV3hFEn0776ojFJigcn0ylSiqYRBjuqZ7RdO5LnqK6Pbb9dnEiokS%2F4%2BM%2BBKzMB6GcVUY1fLFW6mDz"}],"group":"cf-nel","max_age":604800}
cf-ray: 8d0e5196cfe3dc76-FRA
access-control-allow-origin: https://kusen-service-ag.de
alt-svc: h3=":443"; ma=86400
content-length: 128
date: Fri, 11 Oct 2024 10:55:35 GMT
content-type: application/speculationrules+json
vary: Origin, Accept-Encoding
server: cloudflare

GET
H3

200

main.js Show response
kusen-service-ag.de/cdn-cgi/challenge-platform/h/b/scripts/jsd/62ec4f065604/ Frame 01D1
Redirect Chain

https://kusen-service-ag.de/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://kusen-service-ag.de/cdn-cgi/challenge-platform/h/b/scripts/jsd/62ec4f065604/main.js?

8 KB
4 KB

741ms
741ms

Script
application/javascript

188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kusen-service-ag.de/cdn-cgi/challenge-platform/h/b/scripts/jsd/62ec4f065604/main.js?

Protocol

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f81bf0af7cc03c6b6a9634afee78ca4bbc96211ff72a28d7fb611f9d5a87a922

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

cache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nOG7JF%2Bq%2FDjzDKrAMsSe2TxfQgpoMNWQMzXbcTz5GV5Y7KWXZ8VKGSc6x7n3%2FpPMtvNVUDUQfT9%2FEHkKjw2RJb0iQZD22GBWJiUWN7OpsfvegK66k7JKVYwQmpqcrrQxTgAo8qkQ"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
cf-ray: 8d0e519708fddc76-FRA
alt-svc: h3=":443"; ma=86400
date: Fri, 11 Oct 2024 10:55:35 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: cloudflare

Redirect headers

cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/62ec4f065604/main.js?
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b6L90Sm2dKddiDvZzgKbRmT7PSTb6PnXxYSHwkFQTgv4rTGPHgqv%2B3CfLlJfsoknge%2FIVOWwC2KEVjedYROMs6j8rjtaG%2FoRU4ZqHnUP7A44IJ0%2BF4unIXu78GFopG2Eza3b%2FQG5"}],"group":"cf-nel","max_age":604800}
cf-ray: 8d0e51942f32dc76-FRA
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Fri, 11 Oct 2024 10:55:35 GMT
vary: Accept-Encoding
server: cloudflare

POST
H3 200 8d0e51956b82dc76 Show response
kusen-service-ag.de/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame 01D1 0
953 B 141ms
128ms XHR
text/plain 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://kusen-service-ag.de/cdn-cgi/challenge-platform/h/b/jsd/r/8d0e51956b82dc76
Requested by: Host: kusen-service-ag.de
URL: https://kusen-service-ag.de/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/json
Referer

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w0ZUp1a8zOPQrppi7iL43IjM3JgZsPzFcLmng0x321OhzIna7TAm7u3wZ6Nrx%2Bm%2BCfZeG5DK0nvMeFB0CwHXyEVSEDyQnR0fm%2FTOBD7LyjGp6LuI%2BrhxGCheu%2F5Iic%2BVSaEaHTzt"}],"group":"cf-nel","max_age":604800}
cf-ray: 8d0e519cece4dc76-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Fri, 11 Oct 2024 10:55:36 GMT
content-type: text/plain; charset=UTF-8
server: cloudflare

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: kusen-service-ag.de
URL: https://kusen-service-ag.de/cdn-cgi/challenge-platform/h/b/scripts/jsd/62ec4f065604/main.js?

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0

12 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.kusen-service-ag.de/	1970-01-21 00:12:10	Name: __cf_mw_byp Value: QUKzfR7kTmN9PyGYeh64Fpw5Fvsy1C1S5rX.bYOlrIw-1728644130-0.0.1.1-/LN
kusen-service-ag.de/	1970-01-21 00:12:10	Name: 4GTutp4nUTRrz2X885HsPDIHOkk Value: GqGUWM2YoP5UO5LMpOWzMVt8Ue0
kusen-service-ag.de/	1970-01-21 00:12:10	Name: 5kMQLwuWDadG07GxQ0MgU_EMuBE Value: 1728644121
kusen-service-ag.de/	1970-01-21 00:12:10	Name: DCKSU3qqzlJCvwff8sFKMM3-ZZg Value: 1728730521
kusen-service-ag.de/	1970-01-21 00:12:10	Name: FJCtk7AUJyRlC0hSsBZxnFrQXkA Value: msI5syhAnkQY86EY_hftdcOA7KI
kusen-service-ag.de/	1970-01-21 00:12:10	Name: y0fD5iQ4BAmvgYLz48rFw2AnFzo Value: fuAMW_TbPWXGvi7f1Sp3jw0fNNg
kusen-service-ag.de/	1970-01-21 00:12:10	Name: kp8A4yvJayMuwUEPotVT4iQPTGU Value: cHtpQMiy4f2v1WctU8IOVvooiBI
kusen-service-ag.de/	1970-01-21 00:12:10	Name: HWiqheSVTeyYS9G5CGQ5CwnUptk Value: 1728644135
kusen-service-ag.de/	1970-01-21 00:12:10	Name: hE4XWvNHskehaN3oCPaKvYZiaGs Value: 1728730535
kusen-service-ag.de/	1970-01-21 00:12:10	Name: Vp5KnNbvQqeSCDjGrWXLLpFlDMc Value: Vi3v8eOtZYbfLtDiybEJHI2i3u0
kusen-service-ag.de/	1970-01-21 00:12:10	Name: 9vcz4-a_wT16IkfAZMbzHVWWHSk Value: K-cG1liS1gVTcYVFWD4SKhP4Tog
.kusen-service-ag.de/	1970-01-21 08:56:20	Name: cf_clearance Value: Lq6SIxCYpJPVll9PCyXPDdSnvQ_5V9hn0y4p74IaafE-1728644136-1.2.1.1-WPgJ64cHpf2jQ96PC.gr2GFGZ0xL8YuPLAG0d8Sc.Qi8UCzcsXTGPYCnf2ZYupCT5H6KZXMsD.QqbDhjulXrSABKlBA2rb72q64q.JRpaqcR9Hpn801Ll9vLIjkYgPecsUSqvadEaj5oH_Gz.jyTY1o0v1vbN8yY49Ws49hkTsoDeWfjyhdOC8TLs6lzHYOQVq_SoipDVTSYJzhHfq_X5Ws7vbv48Wwmt.R3T3COvjjigp.wUcuLd6VUm1AKorFsxpjR_DcPS3DbN2eJ1KLF6fAN_1SullLh8YW3ARI00Cn5SHxnSr0vj5EdVnLryuNeBzxWljRjfK2TQG.3TDo8ShpYn.iToB3Sxsy1xj1ZkHfGDQ6_rCWP7zWh91EaLOoL

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://grupofrk.com/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://kusen-service-ag.de/LN Message: Failed to load resource: the server responded with a status of 503 ()
network	error	URL: https://kusen-service-ag.de/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://kusen-service-ag.de/LN Message: Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

grupofrk.com
kusen-service-ag.de
kusen-service-ag.de
188.114.97.3
204.93.224.117
11a2142988720cd49ff000e5d488493947b3d34821301c5a706b3495b8381f7d
41c05927c1f79350dfe3d2d2e8722299e0168c00ca396074b0d42caefc2be62e
69eb98070ed1b785982a725273d879394e47020456de736971da8544a399d089
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
8b978035fcdfdee077e2204a113d68642e2618156129c56822806a42671a3029
a257680442efc8654d894a398b6dfb742a59aaa95745e08e50838ccca79cf9f6
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ea29a79f2d14d9364b0e7a57dc4575054c9e8ffc79d724a14b31e51b10dea7b8
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
f81bf0af7cc03c6b6a9634afee78ca4bbc96211ff72a28d7fb611f9d5a87a922

kusen-service-ag.de Open in urlscan Pro 188.114.97.3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

16 Requests

88 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

40 kBTransfer

63 kBSize

12 Cookies

0 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

12 Cookies

4 Console Messages

Indicators

kusen-service-ag.de Open in urlscan Pro
188.114.97.3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

88 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

40 kB
Transfer

63 kB
Size

12
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!