urlscan.io logo urlscan.io
SecurityTrails logo

app.funnel-preview.com Open in urlscan Pro
2606:4700::6810:10c2  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://cqo.be/9i4u9
Effective URL: https://app.funnel-preview.com/for_domain/video66529.clickfunnels.com/optin1636201700009?updated_at=a9a3dc2413181416004ddd2180c...
Submission: On November 07 via api from IE — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 13 IPs in 4 countries across 14 domains to perform 18 HTTP transactions. The main IP is 2606:4700::6810:10c2, located in United States and belongs to CLOUDFLARENET, US. The main domain is app.funnel-preview.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on August 23rd 2021. Valid for: a year.
This is the only time app.funnel-preview.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
1 52.239.134.100 8075 (MICROSOFT...)
5 2606:4700::68... 13335 (CLOUDFLAR...)
2 2606:4700:303... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2 2606:4700:303... 13335 (CLOUDFLAR...)
1 52.16.116.2 16509 (AMAZON-02)
1 151.101.12.193 54113 (FASTLY)
1 67.202.94.86 32748 (STEADFAST)
2 2a03:2880:f01... 32934 (FACEBOOK)
1 151.101.130.137 54113 (FASTLY)
1 162.247.243.146 13335 (CLOUDFLAR...)
18 13
1    2606:4700:3037::ac43:ca0e (United States)

ASN13335 (CLOUDFLARENET, US)
cqo.be
1    52.239.134.100 (Paris, France)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
francia.blob.core.windows.net
5    2606:4700::6810:10c2 (United States)

ASN13335 (CLOUDFLARENET, US)
app.funnel-preview.com
www.clickfunnels.com
app.clickfunnels.com
2    2606:4700:3037::6815:4e07 (United States)

ASN13335 (CLOUDFLARENET, US)
use.fontawesome.com
1    2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2606:4700::6810:5f41 (United States)

ASN13335 (CLOUDFLARENET, US)
static.cloudflareinsights.com
2    2606:4700:3032::ac43:b92d (United States)

ASN13335 (CLOUDFLARENET, US)
3bp.fun
1    52.16.116.2 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-16-116-2.eu-west-1.compute.amazonaws.com
track.addevent.com
1    151.101.12.193 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)
i.imgur.com
1    67.202.94.86 (United States)

ASN32748 (STEADFAST, US)
PTR: amung.us
whos.amung.us
2    2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
static.xx.fbcdn.net
1    151.101.130.137 (United States)

ASN54113 (FASTLY, US)
js-agent.newrelic.com
1    162.247.243.146 (United States)

ASN13335 (CLOUDFLARENET, US)
bam-cell.nr-data.net
Domain Requested by
2 static.xx.fbcdn.net app.funnel-preview.com
2 3bp.fun 1 redirects app.funnel-preview.com
2 use.fontawesome.com app.funnel-preview.com
2 www.clickfunnels.com app.funnel-preview.com
2 app.funnel-preview.com francia.blob.core.windows.net
static.cloudflareinsights.com
1 bam-cell.nr-data.net js-agent.newrelic.com
1 js-agent.newrelic.com app.funnel-preview.com
1 whos.amung.us app.funnel-preview.com
1 i.imgur.com app.funnel-preview.com
1 track.addevent.com app.funnel-preview.com
1 static.cloudflareinsights.com app.funnel-preview.com
1 app.clickfunnels.com app.funnel-preview.com
1 fonts.googleapis.com app.funnel-preview.com
1 francia.blob.core.windows.net
1 cqo.be 1 redirects
18 15

This site contains no links.

Subject Issuer Validity Valid
*.blob.core.windows.net
Microsoft RSA TLS CA 01		 2021-09-01 -
2022-09-01		 a year crt.sh
app.funnel-preview.com
Cloudflare Inc ECC CA-3		 2021-08-23 -
2022-08-22		 a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-08-23 -
2022-08-22		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2021-10-18 -
2022-01-10		 3 months crt.sh
addevent.com
Amazon		 2021-11-02 -
2022-12-01		 a year crt.sh
*.imgur.com
DigiCert SHA2 Secure Server CA		 2020-01-15 -
2022-03-16		 2 years crt.sh
whos.amung.us
Sectigo RSA Domain Validation Secure Server CA		 2020-05-21 -
2022-05-21		 2 years crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2021-08-16 -
2021-11-14		 3 months crt.sh
js-agent.newrelic.com
GlobalSign Atlas R3 DV TLS CA H2 2021		 2021-10-06 -
2022-11-07		 a year crt.sh
*.nr-data.net
DigiCert SHA2 Secure Server CA		 2020-02-05 -
2022-02-08		 2 years crt.sh

This page contains 1 frames:

Primary Page: https://app.funnel-preview.com/for_domain/video66529.clickfunnels.com/optin1636201700009?updated_at=a9a3dc2413181416004ddd2180cbf0abv2&track=0&preview=true
Frame ID: 56D90A8FC1B07215F93261821EFCA7D1
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://cqo.be/9i4u9 HTTP 301
    https://francia.blob.core.windows.net/hlccqwi9/h5mqf6jv.html?sp=r&st=2021-11-06T12:19:36Z&se=2021-11-13T21:19:36Z&... Page URL
  2. https://app.funnel-preview.com/for_domain/video66529.clickfunnels.com/optin1636201700009?updated_at=a9a3dc2... Page URL

Page Statistics

18
Requests

94 %
HTTPS

54 %
IPv6

14
Domains

15
Subdomains

13
IPs

4
Countries

806 kB
Transfer

2965 kB
Size

8
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://cqo.be/9i4u9 HTTP 301
    https://francia.blob.core.windows.net/hlccqwi9/h5mqf6jv.html?sp=r&st=2021-11-06T12:19:36Z&se=2021-11-13T21:19:36Z&sv=2020-08-04&sr=b&sig=j74cCMzu/eH5eDfcnlXZ/JeilJs7l2vzd9eHkgoKE2k= Page URL
  2. https://app.funnel-preview.com/for_domain/video66529.clickfunnels.com/optin1636201700009?updated_at=a9a3dc2413181416004ddd2180cbf0abv2&track=0&preview=true Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://cqo.be/9i4u9 HTTP 301
  • https://francia.blob.core.windows.net/hlccqwi9/h5mqf6jv.html?sp=r&st=2021-11-06T12:19:36Z&se=2021-11-13T21:19:36Z&sv=2020-08-04&sr=b&sig=j74cCMzu/eH5eDfcnlXZ/JeilJs7l2vzd9eHkgoKE2k=
Request Chain 8
  • https://3bp.fun/async?&user=Wason07&html=mobile HTTP 301
  • https://3bp.fun/async/?&user=Wason07&html=mobile

18 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
h5mqf6jv.html
francia.blob.core.windows.net/hlccqwi9/
Redirect Chain
  • https://cqo.be/9i4u9
  • https://francia.blob.core.windows.net/hlccqwi9/h5mqf6jv.html?sp=r&st=2021-11-06T12:19:36Z&se=2021-11-13T21:19:36Z&sv=2020-08-04&sr=b&sig=j74cCMzu/eH5eDfcnlXZ/JeilJs7l2vzd9eHkgoKE2k=
977 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://francia.blob.core.windows.net/hlccqwi9/h5mqf6jv.html?sp=r&st=2021-11-06T12:19:36Z&se=2021-11-13T21:19:36Z&sv=2020-08-04&sr=b&sig=j74cCMzu/eH5eDfcnlXZ/JeilJs7l2vzd9eHkgoKE2k=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.239.134.100 Paris, France, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Content-Length
977
Content-Type
text/html
Content-MD5
8EUc9CgKYTSjHHoRDlAwGw==
Last-Modified
Sat, 06 Nov 2021 12:31:32 GMT
Accept-Ranges
bytes
ETag
"0x8D9A1215D864EB0"
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id
c344e33d-801e-0023-05b9-d314e5000000
x-ms-version
2020-08-04
x-ms-creation-time
Sat, 06 Nov 2021 12:19:23 GMT
x-ms-lease-status
unlocked
x-ms-lease-state
available
x-ms-blob-type
BlockBlob
x-ms-server-encrypted
true
Date
Sun, 07 Nov 2021 09:25:19 GMT

Redirect headers

date
Sun, 07 Nov 2021 09:25:19 GMT
content-type
text/html; charset=UTF-8
x-robots-tag
noindex
location
https://francia.blob.core.windows.net/hlccqwi9/h5mqf6jv.html?sp=r&st=2021-11-06T12:19:36Z&se=2021-11-13T21:19:36Z&sv=2020-08-04&sr=b&sig=j74cCMzu/eH5eDfcnlXZ/JeilJs7l2vzd9eHkgoKE2k=
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
strict-transport-security
max-age=31536000; preload
content-security-policy
default-src 'self'; connect-src 'self' https://*.googletagmanager.com https://*.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://*.nesez.com https://*.gooogle.com https://cse.gooogle.com https://*.nesez.net https://nesez.com https://www.google-analytics.com https://*.ampproject.org https://yoast.com https://*.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://*.nesez.com https://*.gooogle.com https://cse.gooogle.com https://*.nesez.net https://nesez.com https://www.google-analytics.com https://*.ampproject.org https://*.google.com https://*.google-analytics.com https://www.google-analytics.com https://*.googlesyndication.com https://wcs.naver.net https://*.google-analytics.com https://www.google-analytics.com https://*.google.co.kr https://*.doubleclick.net https://*.gstatic.com; img-src 'self' data: https://*.googletagmanager.com https://*.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://*.nesez.com https://*.gooogle.com https://cse.gooogle.com https://*.nesez.net https://nesez.com https://www.google-analytics.com https://*.ampproject.org https://*.google-analytics.com https://www.google-analytics.com https://secure.gravatar.com https://wcs.naver.com https://*.doubleclick.net ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://*.nesez.com https://*.gooogle.com https://cse.gooogle.com https://*.nesez.net https://nesez.com https://www.google-analytics.com https://*.ampproject.org ; font-src 'self' data: https://*.googletagmanager.com https://*.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://*.nesez.com https://*.gooogle.com https://cse.gooogle.com https://*.nesez.net https://nesez.com https://www.google-analytics.com https://*.ampproject.org https://fonts.gstatic.com; frame-src 'self' https://*.doubleclick.net https://*.youtube.com https://*.googletagmanager.com https://*.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://*.nesez.com https://*.gooogle.com https://cse.gooogle.com https://*.nesez.net https://nesez.com https://www.google-analytics.com https://*.ampproject.org https://*.google.com; object-src 'none'
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vgOd2n5U%2BbLRAyoELYD71PElOoptS0t02Dy16wA%2BZN80F000n%2BgANqgv1FB8E%2FuFVCHWecr3npERm5KjOSh%2F%2FhD9N0V2wxzKc5M62%2BFLrv%2FYsRPFn%2BxwlEpck7MdHWY%2BaBGwia0%3D"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
6aa583763ddc5cb6-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Primary Request optin1636201700009
app.funnel-preview.com/for_domain/video66529.clickfunnels.com/ 		44 KB
13 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://app.funnel-preview.com/for_domain/video66529.clickfunnels.com/optin1636201700009?updated_at=a9a3dc2413181416004ddd2180cbf0abv2&track=0&preview=true
Requested by
Host: francia.blob.core.windows.net
URL: https://francia.blob.core.windows.net/hlccqwi9/h5mqf6jv.html?sp=r&st=2021-11-06T12:19:36Z&se=2021-11-13T21:19:36Z&sv=2020-08-04&sr=b&sig=j74cCMzu/eH5eDfcnlXZ/JeilJs7l2vzd9eHkgoKE2k=
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6810:10c2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Phusion Passenger Enterprise 6.0.7
Resource Hash
dad224497281ad59d75b7a00b0e243c98fa7c9def86d85b4f1d6b0ec6edad4e1
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Frame-Options ALLOWALL

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://francia.blob.core.windows.net/

Response headers

date
Sun, 07 Nov 2021 09:25:19 GMT
content-type
text/html; charset=utf-8
cf-ray
6aa5837ccaa74414-FRA
access-control-allow-origin
*
cache-control
no-cache, no-store
strict-transport-security
max-age=0
vary
Accept-Encoding
cf-cache-status
BYPASS
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-allow-methods
GET, PUT, POST, DELETE, PATCH, OPTIONS
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status
200 OK
x-frame-options
ALLOWALL
x-powered-by
Phusion Passenger Enterprise 6.0.7
x-rack-cache
miss
x-request-id
c49341ab7cac57de2dcadbbc1bc619fa
x-runtime
0.120676
server
cloudflare
content-encoding
br
lander.css
www.clickfunnels.com/assets/ 		425 KB
70 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.clickfunnels.com/assets/lander.css
Requested by
Host: app.funnel-preview.com
URL: https://app.funnel-preview.com/for_domain/video66529.clickfunnels.com/optin1636201700009?updated_at=a9a3dc2413181416004ddd2180cbf0abv2&track=0&preview=true
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6810:10c2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
caec52356d28a445e7ad10d92d410b52fa537697b3b453ef1c01c65ec01ff86d
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://app.funnel-preview.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Sun, 07 Nov 2021 09:25:19 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
750
last-modified
Wed, 03 Nov 2021 20:10:23 GMT
server
cloudflare
etag
W/"6182ecaf-6a514"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0
access-control-allow-methods
GET, PUT, POST, DELETE, PATCH, OPTIONS
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=1200
access-control-allow-credentials
true
cf-ray
6aa5837f3e474327-FRA
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
expires
Sun, 07 Nov 2021 09:45:19 GMT
all.css
use.fontawesome.com/releases/v5.9.0/css/ 		55 KB
12 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://use.fontawesome.com/releases/v5.9.0/css/all.css
Requested by
Host: app.funnel-preview.com
URL: https://app.funnel-preview.com/for_domain/video66529.clickfunnels.com/optin1636201700009?updated_at=a9a3dc2413181416004ddd2180cbf0abv2&track=0&preview=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:4e07 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
533143d96607d94d5d4292838e364aef656d3de58fe74368263776eab9c07542

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://app.funnel-preview.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Sun, 07 Nov 2021 09:25:19 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
992664
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id
CM8SBWAHPRE2EM23
x-amz-id-2
/BAermQjHzgm8ARojelqeS2lo5VqRI/E2f/vitW+chFmCfWK+jSPVyVIIf/mHswzVn6gx9IO0wM=
last-modified
Wed, 30 Jun 2021 15:48:06 GMT
server
cloudflare
etag
W/"dbf9d822cefe851ba6f66e1ad57e8987"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K8pj7Dv50URiKd3RYIGq%2Br32qurq2G84ys4VauHXlVtmXIOt3V0hDA8zrFKl5GbiRqQ3lhAy70NFEwcCQ4%2BZI8NwVFdvrqsaVQ6Q1HvMPtVmASRoK9K2%2F%2FOE57vnOXnMKepAa%2BOBnVGhE7YZbgjSrTEO"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=31556926
cf-ray
6aa5837f3da76987-FRA
v4-shims.css
use.fontawesome.com/releases/v5.9.0/css/ 		26 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://use.fontawesome.com/releases/v5.9.0/css/v4-shims.css
Requested by
Host: app.funnel-preview.com
URL: https://app.funnel-preview.com/for_domain/video66529.clickfunnels.com/optin1636201700009?updated_at=a9a3dc2413181416004ddd2180cbf0abv2&track=0&preview=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:4e07 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0d1c5ba4b29db42dadf61f9e7304331fa835fe732bbb02822ada17a9a63c215f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://app.funnel-preview.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Sun, 07 Nov 2021 09:25:19 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
10675075
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id
H4F59D1N5HGP5X17
x-amz-id-2
YUdlAsA+TtJD+rHh62FdzZps5qHRs16q+LPxOPSwnBMavIM5gcZ75Y7cLfPddqE+iN9nZYEEHPw=
last-modified
Wed, 30 Jun 2021 15:48:06 GMT
server
cloudflare
etag
W/"e140a7d32f343530f016095df3cc2ae4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4RQSrueCHUeRzitkBiNp9%2BiQzXPkqgO0ekhAiTEmYTiaqwZpTcqA1QWfFVg8XTw%2Fv4TLtylcb99Qlz46%2BmKxFPozEuck4rBSArKVS0nKK8Kse3Hgr%2F2ZVeKE8ff1ji%2FelX6ganRcdVfCMecVd%2BUINq73"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=31556926
cf-ray
6aa5837f3dae6987-FRA
css
fonts.googleapis.com/ 		45 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:400,700%7COswald:400,700%7CDroid+Sans:400,700%7CRoboto:400,700%7CLato:400,700%7CPT+Sans:400,700%7CSource+Sans+Pro:400,600,700%7CNoto+Sans:400,700%7CPT+Sans:400,700%7CUbuntu:400,700%7CBitter:400,700%7CPT+Serif:400,700%7CRokkitt:400,700%7CDroid+Serif:400,700%7CRaleway:400,700%7CInconsolata:400,700
Requested by
Host: app.funnel-preview.com
URL: https://app.funnel-preview.com/for_domain/video66529.clickfunnels.com/optin1636201700009?updated_at=a9a3dc2413181416004ddd2180cbf0abv2&track=0&preview=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
fac251c8f3c6fc1e1f6671cef0d7595d1f32066747dcc25df6da97737ef37a1e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://app.funnel-preview.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sun, 07 Nov 2021 07:26:25 GMT
server
ESF
date
Sun, 07 Nov 2021 09:25:19 GMT
x-frame-options
SAMEORIGIN
report-to
{"group":"AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"}]}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only
same-origin; report-to="AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"
expires
Sun, 07 Nov 2021 09:25:19 GMT
lander.js
www.clickfunnels.com/assets/ 		2 MB
660 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.clickfunnels.com/assets/lander.js
Requested by
Host: app.funnel-preview.com
URL: https://app.funnel-preview.com/for_domain/video66529.clickfunnels.com/optin1636201700009?updated_at=a9a3dc2413181416004ddd2180cbf0abv2&track=0&preview=true
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6810:10c2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
21df994f79e7a98547739b4d66a229ac9243ee60f9a9afa9f539fe12996229d3
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://app.funnel-preview.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Sun, 07 Nov 2021 09:25:19 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
764
last-modified
Wed, 03 Nov 2021 20:10:23 GMT
server
cloudflare
etag
W/"6182ecaf-237285"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0
access-control-allow-methods
GET, PUT, POST, DELETE, PATCH, OPTIONS
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public, max-age=1200
access-control-allow-credentials
true
cf-ray
6aa5837f3e4b4327-FRA
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
expires
Sun, 07 Nov 2021 09:45:19 GMT
pushcrew.js
app.clickfunnels.com/assets/ 		637 B
496 B 		Script
General
Check archive.org
Download Go to
Full URL
https://app.clickfunnels.com/assets/pushcrew.js
Requested by
Host: app.funnel-preview.com
URL: https://app.funnel-preview.com/for_domain/video66529.clickfunnels.com/optin1636201700009?updated_at=a9a3dc2413181416004ddd2180cbf0abv2&track=0&preview=true
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6810:10c2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f7464960133d530dfa52ce0ab9a5c33f0a709a946ad16298b000a7560738f422
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://app.funnel-preview.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Sun, 07 Nov 2021 09:25:20 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
214
last-modified
Wed, 03 Nov 2021 20:10:22 GMT
server
cloudflare
etag
W/"6182ecae-27d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0
access-control-allow-methods
GET, PUT, POST, DELETE, PATCH, OPTIONS
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public, max-age=1200
access-control-allow-credentials
true
cf-ray
6aa5838028714327-FRA
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
expires
Sun, 07 Nov 2021 09:45:20 GMT
beacon.min.js
static.cloudflareinsights.com/ 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.cloudflareinsights.com/beacon.min.js
Requested by
Host: app.funnel-preview.com
URL: https://app.funnel-preview.com/for_domain/video66529.clickfunnels.com/optin1636201700009?updated_at=a9a3dc2413181416004ddd2180cbf0abv2&track=0&preview=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5f41 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
acd89c8dd5cc9cf47ee574302ec883993c33d419da8840ddb05763b857f1f09f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://app.funnel-preview.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Sun, 07 Nov 2021 09:25:20 GMT
content-encoding
gzip
last-modified
Fri, 22 Oct 2021 22:23:12 GMT
server
cloudflare
etag
W/2021.9.0
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
cf-ray
6aa583805cc02c2a-FRA
/
3bp.fun/async/
Redirect Chain
  • https://3bp.fun/async?&user=Wason07&html=mobile
  • https://3bp.fun/async/?&user=Wason07&html=mobile
43 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://3bp.fun/async/?&user=Wason07&html=mobile
Requested by
Host: app.funnel-preview.com
URL: https://app.funnel-preview.com/for_domain/video66529.clickfunnels.com/optin1636201700009?updated_at=a9a3dc2413181416004ddd2180cbf0abv2&track=0&preview=true
Protocol
H2
Server
2606:4700:3032::ac43:b92d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.3.31
Resource Hash
452320d09bdd97c4eb1aa5ea546ebab06c91ece1792a97018bd43df270043eae

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://app.funnel-preview.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Sun, 07 Nov 2021 09:25:20 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/7.3.31
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1FoQDltZ2vyQ1Utr9suqYRUqn1O%2B6zl7YvomZlYx0INRe8QfH5szPPlwTxrI6UWGySQXmOLwXsOYrKVzNwNv9vRNp4jU1aIkhu%2BhyQKznXnW%2BKyDU1GUovqMMGJVhpP5MhKiccsE"}],"group":"cf-nel","max_age":604800}
content-type
text/html;charset=UTF-8
cf-ray
6aa583808d6668ef-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

Redirect headers

date
Sun, 07 Nov 2021 09:25:20 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DgqDunZFAfr7qp9TzTj%2BvatknqnEtxbWIMx4BEItLTFcWsy5Al3tOvIrk2PZ951SW9ksA2HdcdxVPmksJlqWBj7Dc8m2BHNvX1%2BYoIy6E7wUyBbfly0QIZGpRi%2FP2PfSdKcDbYzW"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=iso-8859-1
location
https://3bp.fun/async/?&user=Wason07&html=mobile
cf-ray
6aa583805cf668ef-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
truncated
/ 		26 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type
image/png
/
track.addevent.com/atc/ 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://track.addevent.com/atc/?trktyp=jsinit&trkcal=&guid=0a3ab563-5ee8-4f93-bab7-0e98c2013c6a&url=https%3A%2F%2Fapp.funnel-preview.com%2Ffor_domain%2Fvideo66529.clickfunnels.com%2Foptin1636201700009%3Fupdated_at%3Da9a3dc2413181416004ddd2180cbf0abv2%26track%3D0%26preview%3Dtrue&cache=1636277120209
Requested by
Host: app.funnel-preview.com
URL: https://app.funnel-preview.com/for_domain/video66529.clickfunnels.com/optin1636201700009?updated_at=a9a3dc2413181416004ddd2180cbf0abv2&track=0&preview=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.16.116.2 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-16-116-2.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://app.funnel-preview.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers
wCOStwT.png
i.imgur.com/ 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.imgur.com/wCOStwT.png
Requested by
Host: app.funnel-preview.com
URL: https://app.funnel-preview.com/for_domain/video66529.clickfunnels.com/optin1636201700009?updated_at=a9a3dc2413181416004ddd2180cbf0abv2&track=0&preview=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.12.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
0c4fbfd9d019d99f3e026fe0a41e5158bb3ec85c8c634d25328e4862559fc784
Security Headers
Name Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://app.funnel-preview.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Sun, 07 Nov 2021 09:25:20 GMT
x-content-type-options
nosniff
age
1996664
x-cache
HIT, HIT
content-length
9180
x-served-by
cache-bwi5173-BWI, cache-fra19148-FRA
last-modified
Mon, 08 Mar 2021 04:50:40 GMT
server
cat factory 1.0
x-timer
S1636277121.598390,VS0,VE1
etag
"168c57cb0a4861565d8db5b896f40218"
strict-transport-security
max-age=300
access-control-allow-methods
GET, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-cache-hits
1, 1
/
whos.amung.us/pingjs/ 		30 B
30 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://whos.amung.us/pingjs/?k=knockouts02&t=%F0%9F%94%A5knockouts02%F0%9F%94%A5&x=chrome%3A%2F%2Fversion
Requested by
Host: app.funnel-preview.com
URL: https://app.funnel-preview.com/for_domain/video66529.clickfunnels.com/optin1636201700009?updated_at=a9a3dc2413181416004ddd2180cbf0abv2&track=0&preview=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
67.202.94.86 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
amung.us
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://app.funnel-preview.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Sun, 07 Nov 2021 09:25:20 GMT
content-encoding
gzip
content-type
text/javascript;charset=UTF-8
5NR43BsYs8o.png
static.xx.fbcdn.net/rsrc.php/v3/yO/r/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yO/r/5NR43BsYs8o.png
Requested by
Host: app.funnel-preview.com
URL: https://app.funnel-preview.com/for_domain/video66529.clickfunnels.com/optin1636201700009?updated_at=a9a3dc2413181416004ddd2180cbf0abv2&track=0&preview=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
9615b777212478a41835e410c9897cd544b98c5473b7b73cbec777f1db2d5404
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://app.funnel-preview.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Sun, 07 Nov 2021 09:25:20 GMT
x-content-type-options
nosniff
content-md5
zS7nNbuF+qoavNDFbgWDdA==
content-security-policy-report-only
default-src fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
1307
x-fb-rlafr
0
x-fb-debug
acbAXwt/r1tuzli/fJBj2hIDZnTKChsB4HdGBqMdlcyzL6vcGxhvYsO7qgopqkYOtt9w/bU1gqWpQvPjioP28A==
x-fb-trip-id
686109401
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-type
image/png
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Sun, 06 Nov 2022 02:15:32 GMT
lqbz1hqlAFx.png
static.xx.fbcdn.net/rsrc.php/v3/yo/r/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yo/r/lqbz1hqlAFx.png
Requested by
Host: app.funnel-preview.com
URL: https://app.funnel-preview.com/for_domain/video66529.clickfunnels.com/optin1636201700009?updated_at=a9a3dc2413181416004ddd2180cbf0abv2&track=0&preview=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
0fd58536eb089f2060e86f14e60ef83f68169fbe34d95f8cdc2ad60abe4bb8c9
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://app.funnel-preview.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Sun, 07 Nov 2021 09:25:20 GMT
x-content-type-options
nosniff
content-md5
8kNJ+LeRDyhmr8oF+ZZjoQ==
content-security-policy-report-only
default-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
1364
x-fb-rlafr
0
x-fb-debug
X16+p201qaRLCguFTdtYEOrgaH8z8xEdyLDiQSxhKOjGHsORB8WjeNgDz2s4a8Bh4xd7X8mZwBWToEyLlDGoMg==
x-fb-trip-id
686109401
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-type
image/png
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Thu, 27 Oct 2022 17:20:24 GMT
nr-1211.min.js
js-agent.newrelic.com/ 		33 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js-agent.newrelic.com/nr-1211.min.js
Requested by
Host: app.funnel-preview.com
URL: https://app.funnel-preview.com/for_domain/video66529.clickfunnels.com/optin1636201700009?updated_at=a9a3dc2413181416004ddd2180cbf0abv2&track=0&preview=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4e42e478fd27161799c18a75c2e9a7341996250f696d09d53db336a2962ba06b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://app.funnel-preview.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-amz-version-id
yf8j0EL0OxPIPTHd.58X6iFExO4xIT0R
content-encoding
gzip
etag
"3ad2268e635f4d033b0062f582c5b85a"
x-amz-request-id
14R0NFQS9PQAR023
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
12477
x-amz-id-2
+snQOstdnQhnlCWva/rU7dBf3e9wzJPyI+Pr+TX41Llvs58SsWjGL8TICmfEmSQgXX8970F7aWY=
x-served-by
cache-fra19120-FRA
last-modified
Mon, 27 Sep 2021 20:46:50 GMT
server
AmazonS3
x-timer
S1636277121.897364,VS0,VE0
date
Sun, 07 Nov 2021 09:25:20 GMT
vary
Accept-Encoding
content-type
application/javascript
via
1.1 varnish
cache-control
public, max-age=7200, stale-if-error=604800
accept-ranges
bytes
x-cache-hits
1364
rum
app.funnel-preview.com/cdn-cgi/ 		0
204 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.funnel-preview.com/cdn-cgi/rum?
Requested by
Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6810:10c2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://app.funnel-preview.com/for_domain/video66529.clickfunnels.com/optin1636201700009?updated_at=a9a3dc2413181416004ddd2180cbf0abv2&track=0&preview=true
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
content-type
application/json

Response headers

date
Sun, 07 Nov 2021 09:25:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cloudflare
x-frame-options
DENY
access-control-allow-methods
POST,OPTIONS
content-type
text/plain
access-control-allow-origin
https://app.funnel-preview.com
access-control-max-age
86400
access-control-allow-credentials
true
cf-ray
6aa583858a7d4414-FRA
vary
Origin
NRJS-fc902efb332119fff33
bam-cell.nr-data.net/1/ 		49 B
715 B 		Script
General
Check archive.org
Download Go to
Full URL
https://bam-cell.nr-data.net/1/NRJS-fc902efb332119fff33?a=367981416&v=1211.ba193a8&to=dFZWTENWVQ9QExdNRlJLSFlWXEpMRQBfXUYYSU1aXVBKC1AF&rst=1443&ck=1&ref=https://app.funnel-preview.com/for_domain/video66529.clickfunnels.com/optin1636201700009&ap=122&be=399&fe=1417&dc=1052&perf=%7B%22timing%22:%7B%22of%22:1636277119105,%22n%22:0,%22f%22:0,%22dn%22:1,%22dne%22:1,%22c%22:1,%22s%22:2,%22ce%22:19,%22rq%22:19,%22rp%22:344,%22rpe%22:355,%22dl%22:351,%22di%22:1050,%22ds%22:1052,%22de%22:1106,%22dc%22:1416,%22l%22:1416,%22le%22:1419%7D,%22navigation%22:%7B%7D%7D&fp=1137&fcp=1137&jsonp=NREUM.setToken
Requested by
Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1211.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.247.243.146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://app.funnel-preview.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Sun, 07 Nov 2021 09:25:21 GMT
Content-Encoding
gzip
CF-Cache-Status
DYNAMIC
Server
cloudflare
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary
Accept-Encoding
access-control-allow-methods
GET, POST, PUT, HEAD, OPTIONS
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Transfer-Encoding
chunked
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
access-control-allow-credentials
true
CF-Ray
6aa58385cbdb5b62-FRA

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Domain/Path Name / Value
app.funnel-preview.com/for_domain/video66529.clickfunnels.com Name: updated_at
Value: a9a3dc2413181416004ddd2180cbf0abv2
app.funnel-preview.com/for_domain/video66529.clickfunnels.com Name: track
Value: 0
app.funnel-preview.com/for_domain/video66529.clickfunnels.com Name: preview
Value: true
app.funnel-preview.com/for_domain/video66529.clickfunnels.com Name: addevent_track_cookie
Value: 0a3ab563-5ee8-4f93-bab7-0e98c2013c6a
.funnel-preview.com/ Name: _etison_sessions_dcs_v2
Value: 50203eee17172b6e6c643f1eb8416fdb
.app.funnel-preview.com/ Name: __cf_bm
Value: gI0H.Wsw4bVGuGXbt66cCpbK.oWmxCBE5G3GLdBVIpo-1636277119-0-ARy6ZQjVNggvOFfUwFd/K8W+pQ5QTdnjC83Dt1tNc9hrRjGEiBcWiL9Sc7HY80gXivJUS+QVn3ikawfw5Bbq2MsqzTlQMTq3LMoFRnhGaLF0
.clickfunnels.com/ Name: __cf_bm
Value: 3aOLVzgZRQs6Oh1kflbhB3shXezQHGj5kvLqEs30Ni0-1636277119-0-AX+fnjr5UDXtJJOnjy9A5kV/k9yVUF1xu+QZylS43WA97HJLwRZkg27cXk/Jm2uFytWa1lgR9Eb3lRcVCB7PuiCi1CWWhFCDMGiuzbop2Jko
.nr-data.net/ Name: JSESSIONID
Value: c096483b8e767220

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

3bp.fun
app.clickfunnels.com
app.funnel-preview.com
bam-cell.nr-data.net
cqo.be
fonts.googleapis.com
francia.blob.core.windows.net
i.imgur.com
js-agent.newrelic.com
static.cloudflareinsights.com
static.xx.fbcdn.net
track.addevent.com
use.fontawesome.com
whos.amung.us
www.clickfunnels.com
151.101.12.193
151.101.130.137
162.247.243.146
2606:4700:3032::ac43:b92d
2606:4700:3037::6815:4e07
2606:4700:3037::ac43:ca0e
2606:4700::6810:10c2
2606:4700::6810:5f41
2a00:1450:4001:827::200a
2a03:2880:f01c:8012:face:b00c:0:3
52.16.116.2
52.239.134.100
67.202.94.86
0c4fbfd9d019d99f3e026fe0a41e5158bb3ec85c8c634d25328e4862559fc784
0d1c5ba4b29db42dadf61f9e7304331fa835fe732bbb02822ada17a9a63c215f
0fd58536eb089f2060e86f14e60ef83f68169fbe34d95f8cdc2ad60abe4bb8c9
21df994f79e7a98547739b4d66a229ac9243ee60f9a9afa9f539fe12996229d3
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
452320d09bdd97c4eb1aa5ea546ebab06c91ece1792a97018bd43df270043eae
4e42e478fd27161799c18a75c2e9a7341996250f696d09d53db336a2962ba06b
533143d96607d94d5d4292838e364aef656d3de58fe74368263776eab9c07542
9615b777212478a41835e410c9897cd544b98c5473b7b73cbec777f1db2d5404
acd89c8dd5cc9cf47ee574302ec883993c33d419da8840ddb05763b857f1f09f
caec52356d28a445e7ad10d92d410b52fa537697b3b453ef1c01c65ec01ff86d
dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82
dad224497281ad59d75b7a00b0e243c98fa7c9def86d85b4f1d6b0ec6edad4e1
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f7464960133d530dfa52ce0ab9a5c33f0a709a946ad16298b000a7560738f422
fac251c8f3c6fc1e1f6671cef0d7595d1f32066747dcc25df6da97737ef37a1e