app.funnel-preview.com
2606:4700::6810:10c2
Malicious Activity!
Public Scan
Effective URL: https://app.funnel-preview.com/for_domain/video66529.clickfunnels.com/optin1636201700009?updated_at=a9a3dc2413181416004ddd2180c...
Submission: On November 07 via api from IE — Scanned from DE
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on August 23rd 2021. Valid for: a year.
This is the only time app.funnel-preview.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Facebook (Social Network)
Domain & IP information
Redirects | Requests | IP Address | AS (Autonomous System)
---|---|---|---
1 | 1 | 2606:4700:3037::ac43:ca0e | 13335 (CLOUDFLARENET)
| 1 | 52.239.134.100 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK)
| 5 | 2606:4700::6810:10c2 | 13335 (CLOUDFLARENET)
| 2 | 2606:4700:3037::6815:4e07 | 13335 (CLOUDFLARENET)
| 1 | 2a00:1450:4001:827::200a | 15169 (GOOGLE)
| 1 | 2606:4700::6810:5f41 | 13335 (CLOUDFLARENET)
1 | 2 | 2606:4700:3032::ac43:b92d | 13335 (CLOUDFLARENET)
| 1 | 52.16.116.2 | 16509 (AMAZON-02)
| 1 | 151.101.12.193 | 54113 (FASTLY)
| 1 | 67.202.94.86 | 32748 (STEADFAST)
| 2 | 2a03:2880:f01c:8012:face:b00c:0:3 | 32934 (FACEBOOK)
| 1 | 151.101.130.137 | 54113 (FASTLY)
| 1 | 162.247.243.146 | 13335 (CLOUDFLARENET)
Totals: 18 requests, 13 IP addresses
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
- francia.blob.core.windows.net
ASN13335 (CLOUDFLARENET, US)
- app.funnel-preview.com
- www.clickfunnels.com
- app.clickfunnels.com
ASN16509 (AMAZON-02, US)
- PTR: ec2-52-16-116-2.eu-west-1.compute.amazonaws.com
- track.addevent.com
ASN32934 (FACEBOOK, US)
- static.xx.fbcdn.net
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
3 | clickfunnels.com | www.clickfunnels.com, app.clickfunnels.com | 730 KB
2 | fbcdn.net | static.xx.fbcdn.net | 4 KB
2 | 3bp.fun (1 redirect) | 3bp.fun | 10 KB
2 | fontawesome.com | use.fontawesome.com | 17 KB
2 | funnel-preview.com | app.funnel-preview.com | 13 KB
1 | nr-data.net | bam-cell.nr-data.net | 715 B
1 | newrelic.com | js-agent.newrelic.com | 13 KB
1 | amung.us | whos.amung.us | 30 B
1 | imgur.com | i.imgur.com | 9 KB
1 | addevent.com | track.addevent.com |
1 | cloudflareinsights.com | static.cloudflareinsights.com | 5 KB
1 | googleapis.com | fonts.googleapis.com | 3 KB
1 | windows.net | francia.blob.core.windows.net | 1 KB
1 | cqo.be (1 redirect) | cqo.be | 3 KB
Totals: 18 requests, 14 apex domains
Requests | Domain | Requested by
---|---|---
2 | static.xx.fbcdn.net | app.funnel-preview.com
2 | 3bp.fun (1 redirect) | app.funnel-preview.com
2 | use.fontawesome.com | app.funnel-preview.com
2 | www.clickfunnels.com | app.funnel-preview.com
2 | app.funnel-preview.com | francia.blob.core.windows.net, static.cloudflareinsights.com
1 | bam-cell.nr-data.net | js-agent.newrelic.com
1 | js-agent.newrelic.com | app.funnel-preview.com
1 | whos.amung.us | app.funnel-preview.com
1 | i.imgur.com | app.funnel-preview.com
1 | track.addevent.com | app.funnel-preview.com
1 | static.cloudflareinsights.com | app.funnel-preview.com
1 | app.clickfunnels.com | app.funnel-preview.com
1 | fonts.googleapis.com | app.funnel-preview.com
1 | francia.blob.core.windows.net |
1 | cqo.be (1 redirect) |
Totals: 18 requests, 15 domains
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
*.blob.core.windows.net | Microsoft RSA TLS CA 01 | 2021-09-01 - 2022-09-01 | a year | crt.sh
app.funnel-preview.com | Cloudflare Inc ECC CA-3 | 2021-08-23 - 2022-08-22 | a year | crt.sh
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-08-23 - 2022-08-22 | a year | crt.sh
upload.video.google.com | GTS CA 1C3 | 2021-10-18 - 2022-01-10 | 3 months | crt.sh
addevent.com | Amazon | 2021-11-02 - 2022-12-01 | a year | crt.sh
*.imgur.com | DigiCert SHA2 Secure Server CA | 2020-01-15 - 2022-03-16 | 2 years | crt.sh
whos.amung.us | Sectigo RSA Domain Validation Secure Server CA | 2020-05-21 - 2022-05-21 | 2 years | crt.sh
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2021-08-16 - 2021-11-14 | 3 months | crt.sh
js-agent.newrelic.com | GlobalSign Atlas R3 DV TLS CA H2 2021 | 2021-10-06 - 2022-11-07 | a year | crt.sh
*.nr-data.net | DigiCert SHA2 Secure Server CA | 2020-02-05 - 2022-02-08 | 2 years | crt.sh
This page contains 1 frames:
Primary Page:
https://app.funnel-preview.com/for_domain/video66529.clickfunnels.com/optin1636201700009?updated_at=a9a3dc2413181416004ddd2180cbf0abv2&track=0&preview=true
Frame ID: 56D90A8FC1B07215F93261821EFCA7D1
Requests: 19 HTTP requests in this frame
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://cqo.be/9i4u9
  HTTP 301
  https://francia.blob.core.windows.net/hlccqwi9/h5mqf6jv.html?sp=r&st=2021-11-06T12:19:36Z&se=2021-11-13T21:19:36Z&sv=2020-08-04&sr=b&sig=j74cCMzu/eH5eDfcnlXZ/JeilJs7l2vzd9eHkgoKE2k= (Page URL)
- https://app.funnel-preview.com/for_domain/video66529.clickfunnels.com/optin1636201700009?updated_at=a9a3dc2413181416004ddd2180cbf0abv2&track=0&preview=true (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- https://cqo.be/9i4u9 HTTP 301
- https://francia.blob.core.windows.net/hlccqwi9/h5mqf6jv.html?sp=r&st=2021-11-06T12:19:36Z&se=2021-11-13T21:19:36Z&sv=2020-08-04&sr=b&sig=j74cCMzu/eH5eDfcnlXZ/JeilJs7l2vzd9eHkgoKE2k=
- https://3bp.fun/async?&user=Wason07&html=mobile HTTP 301
- https://3bp.fun/async/?&user=Wason07&html=mobile
18 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | h5mqf6jv.html | francia.blob.core.windows.net/hlccqwi9/ (Redirect Chain) | 977 B | 1 KB | Document | text/html
GET | H2 | optin1636201700009 (Primary Request) | app.funnel-preview.com/for_domain/video66529.clickfunnels.com/ | 44 KB | 13 KB | Document | text/html
GET | H2 | lander.css | www.clickfunnels.com/assets/ | 425 KB | 70 KB | Stylesheet | text/css
GET | H2 | all.css | use.fontawesome.com/releases/v5.9.0/css/ | 55 KB | 12 KB | Stylesheet | text/css
GET | H2 | v4-shims.css | use.fontawesome.com/releases/v5.9.0/css/ | 26 KB | 5 KB | Stylesheet | text/css
GET | H2 | css | fonts.googleapis.com/ | 45 KB | 3 KB | Stylesheet | text/css
GET | H2 | lander.js | www.clickfunnels.com/assets/ | 2 MB | 660 KB | Script | application/x-javascript
GET | H2 | pushcrew.js | app.clickfunnels.com/assets/ | 637 B | 496 B | Script | application/x-javascript
GET | H2 | beacon.min.js | static.cloudflareinsights.com/ | 13 KB | 5 KB | Script | text/javascript
GET | H2 | / | 3bp.fun/async/ (Redirect Chain) | 43 KB | 9 KB | Script | text/html
GET | DATA | truncated | / | 26 B | 0 | Image | image/png
GET | H/1.1 | / | track.addevent.com/atc/ | 0 | 0 | Image | text/html
GET | H2 | wCOStwT.png | i.imgur.com/ | 9 KB | 9 KB | Image | image/png
GET | H2 | / | whos.amung.us/pingjs/ | 30 B | 30 B | Image | text/javascript
GET | H2 | 5NR43BsYs8o.png | static.xx.fbcdn.net/rsrc.php/v3/yO/r/ | 1 KB | 2 KB | Image | image/png
GET | H2 | lqbz1hqlAFx.png | static.xx.fbcdn.net/rsrc.php/v3/yo/r/ | 1 KB | 2 KB | Image | image/png
GET | H2 | nr-1211.min.js | js-agent.newrelic.com/ | 33 KB | 13 KB | Script | application/javascript
POST | H2 | rum | app.funnel-preview.com/cdn-cgi/ | 0 | 204 B | XHR | text/plain
GET | H/1.1 | NRJS-fc902efb332119fff33 | bam-cell.nr-data.net/1/ | 49 B | 715 B | Script | text/javascript
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Facebook (Social Network)
0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
8 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
app.funnel-preview.com/for_domain/video66529.clickfunnels.com | | updated_at | a9a3dc2413181416004ddd2180cbf0abv2
app.funnel-preview.com/for_domain/video66529.clickfunnels.com | | track | 0
app.funnel-preview.com/for_domain/video66529.clickfunnels.com | | preview | true
app.funnel-preview.com/for_domain/video66529.clickfunnels.com | | addevent_track_cookie | 0a3ab563-5ee8-4f93-bab7-0e98c2013c6a
.funnel-preview.com/ | | _etison_sessions_dcs_v2 | 50203eee17172b6e6c643f1eb8416fdb
.app.funnel-preview.com/ | | __cf_bm | gI0H.Wsw4bVGuGXbt66cCpbK.oWmxCBE5G3GLdBVIpo-1636277119-0-ARy6ZQjVNggvOFfUwFd/K8W+pQ5QTdnjC83Dt1tNc9hrRjGEiBcWiL9Sc7HY80gXivJUS+QVn3ikawfw5Bbq2MsqzTlQMTq3LMoFRnhGaLF0
.clickfunnels.com/ | | __cf_bm | 3aOLVzgZRQs6Oh1kflbhB3shXezQHGj5kvLqEs30Ni0-1636277119-0-AX+fnjr5UDXtJJOnjy9A5kV/k9yVUF1xu+QZylS43WA97HJLwRZkg27cXk/Jm2uFytWa1lgR9Eb3lRcVCB7PuiCi1CWWhFCDMGiuzbop2Jko
.nr-data.net/ | | JSESSIONID | c096483b8e767220
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
3bp.fun
app.clickfunnels.com
app.funnel-preview.com
bam-cell.nr-data.net
cqo.be
fonts.googleapis.com
francia.blob.core.windows.net
i.imgur.com
js-agent.newrelic.com
static.cloudflareinsights.com
static.xx.fbcdn.net
track.addevent.com
use.fontawesome.com
whos.amung.us
www.clickfunnels.com
151.101.12.193
151.101.130.137
162.247.243.146
2606:4700:3032::ac43:b92d
2606:4700:3037::6815:4e07
2606:4700:3037::ac43:ca0e
2606:4700::6810:10c2
2606:4700::6810:5f41
2a00:1450:4001:827::200a
2a03:2880:f01c:8012:face:b00c:0:3
52.16.116.2
52.239.134.100
67.202.94.86