support6518465.clickfunnels.com Open in urlscan Pro
2606:4700::6810:cc2 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://mail.nisbets.be/click/geq8-6vpvk-5dfde-gn0qdz0/
Effective URL:
https://support6518465.clickfunnels.com/optin1690654554666
Submission: On July 30 via api (July 30th 2023, 7:25:58 am UTC) from IE — Scanned from CA

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 6 domains to perform 14 HTTP transactions. The main IP is 2606:4700::6810:cc2, located in United States and belongs to CLOUDFLARENET, US. The main domain is support6518465.clickfunnels.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 23rd 2023. Valid for: a year.

This is the only time support6518465.clickfunnels.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	15.156.37.76 15.156.37.76	16509 (AMAZON-02) (AMAZON-02)
2 11	2606:4700::68... 2606:4700::6810:cc2	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700:e2:... 2606:4700:e2::ac40:850f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2607:f8b0:400... 2607:f8b0:4006:81d::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:3865	13335 (CLOUDFLAR...) (CLOUDFLARENET)
14	5

1 15.156.37.76 (Montreal, Canada) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-15-156-37-76.ca-central-1.compute.amazonaws.com

mail.nisbets.be	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2606:4700::6810:cc2 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

support6518465.clickfunnels.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.clickfunnels.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
images.clickfunnels.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:e2::ac40:850f (United States)

ASN13335 (CLOUDFLARENET, US)

use.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81d::200a (Stony Point, United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:3865 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	clickfunnels.com 2 redirects support6518465.clickfunnels.com app.clickfunnels.com — Cisco Umbrella Rank: 48013 images.clickfunnels.com — Cisco Umbrella Rank: 106439	773 KB
2	fontawesome.com use.fontawesome.com — Cisco Umbrella Rank: 1205	17 KB
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 1186	7 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 79	3 KB
1	nisbets.be 1 redirects mail.nisbets.be	327 B
0	ddnss.eu Failed activity-metamask.ddnss.eu Failed
14	6

	Domain	Requested by
6	support6518465.clickfunnels.com	2 redirects support6518465.clickfunnels.com
4	app.clickfunnels.com	support6518465.clickfunnels.com
2	use.fontawesome.com	support6518465.clickfunnels.com
1	static.cloudflareinsights.com	support6518465.clickfunnels.com
1	images.clickfunnels.com	support6518465.clickfunnels.com
1	fonts.googleapis.com	support6518465.clickfunnels.com
1	mail.nisbets.be	1 redirects
0	activity-metamask.ddnss.eu Failed	support6518465.clickfunnels.com
14	8

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-06-23` - `2024-06-22`	a year	crt.sh
use.fontawesome.com GTS CA 1P5	`2023-07-04` - `2023-10-02`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh

This page contains 1 frames:

Frame: https://activity-metamask.ddnss.eu/FMfcgzGtwDGrSHmqrhQdmDbWFzBphsNq/FMfcgzGtwMglRwHgjsmXQhPmXtmzhtTj/
Frame ID: 28AA890272B6FFCB5B678DD1592F238D
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://mail.nisbets.be/click/geq8-6vpvk-5dfde-gn0qdz0/ HTTP 302
https://support6518465.clickfunnels.com/optin3w4u8d81 Page URL
https://support6518465.clickfunnels.com/cdn-cgi/phish-bypass?atok=EckPTyo1AlkHGadXGGYfZZYHKOYGrghU6z56tCJExQA-169070... HTTP 301
https://support6518465.clickfunnels.com/optin3w4u8d81 HTTP 302
https://support6518465.clickfunnels.com/optin1690654554666 Page URL

Page Statistics

14
Requests

93 %
HTTPS

80 %
IPv6

6
Domains

8
Subdomains

5
IPs

2
Countries

799 kB
Transfer

2972 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://mail.nisbets.be/click/geq8-6vpvk-5dfde-gn0qdz0/ HTTP 302
https://support6518465.clickfunnels.com/optin3w4u8d81 Page URL
https://support6518465.clickfunnels.com/cdn-cgi/phish-bypass?atok=EckPTyo1AlkHGadXGGYfZZYHKOYGrghU6z56tCJExQA-1690701913-0-%2Foptin3w4u8d81 HTTP 301
https://support6518465.clickfunnels.com/optin3w4u8d81 HTTP 302
https://support6518465.clickfunnels.com/optin1690654554666 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://mail.nisbets.be/click/geq8-6vpvk-5dfde-gn0qdz0/ HTTP 302
https://support6518465.clickfunnels.com/optin3w4u8d81

14 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

optin3w4u8d81 Show response
support6518465.clickfunnels.com/
Redirect Chain

http://mail.nisbets.be/click/geq8-6vpvk-5dfde-gn0qdz0/
https://support6518465.clickfunnels.com/optin3w4u8d81

4 KB
2 KB

48ms
21ms

Document
text/html

2606:4700::6810:cc2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://support6518465.clickfunnels.com/optin3w4u8d81

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6810:cc2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8b448efa7b88fb3e7298164914c671558471adc9e603ad97ab69cdddd6c85a7c

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cf-ray: 7eebddcd2b2c7138-YUL
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sun, 30 Jul 2023 07:25:13 GMT
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

Redirect headers

Cache-Control: private
Connection: keep-alive
Content-Length: 170
Content-Type: text/html; charset=utf-8
Date: Sun, 30 Jul 2023 07:25:13 GMT
Location: https://support6518465.clickfunnels.com/optin3w4u8d81
Refresh: 0; URL=https://support6518465.clickfunnels.com/optin3w4u8d81
Server: cmp-trk-s1-01

GET
H2 200 cf.errors.css
support6518465.clickfunnels.com/cdn-cgi/styles/ 24 KB
5 KB 12ms
11ms Stylesheet
text/css 2606:4700::6810:cc2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://support6518465.clickfunnels.com/cdn-cgi/styles/cf.errors.css

Requested by

Host: support6518465.clickfunnels.com
URL: https://support6518465.clickfunnels.com/optin3w4u8d81

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6810:cc2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1103290e25ebda2712abe344a87facbac00ddaba712729be9fe5feef807bf91b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://support6518465.clickfunnels.com/optin3w4u8d81
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Sun, 30 Jul 2023 07:25:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 28 Jul 2023 12:04:43 GMT
server: cloudflare
etag: W/"64c3aedb-5e44"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=7200, public
cf-ray: 7eebddcd5b447138-YUL
expires: Sun, 30 Jul 2023 09:25:13 GMT

GET
H2 200 icon-exclamation.png
support6518465.clickfunnels.com/cdn-cgi/images/ 452 B
540 B 15ms
15ms Image
image/png 2606:4700::6810:cc2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://support6518465.clickfunnels.com/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: support6518465.clickfunnels.com
URL: https://support6518465.clickfunnels.com/cdn-cgi/styles/cf.errors.css

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6810:cc2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://support6518465.clickfunnels.com/cdn-cgi/styles/cf.errors.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Sun, 30 Jul 2023 07:25:13 GMT
x-content-type-options: nosniff
last-modified: Fri, 28 Jul 2023 12:04:43 GMT
server: cloudflare
etag: "64c3aedb-1c4"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=7200, public
accept-ranges: bytes
cf-ray: 7eebddcd8b6b7138-YUL
content-length: 452
expires: Sun, 30 Jul 2023 09:25:13 GMT

GET
H2

200

Primary Request optin1690654554666
support6518465.clickfunnels.com/
Redirect Chain

https://support6518465.clickfunnels.com/cdn-cgi/phish-bypass?atok=EckPTyo1AlkHGadXGGYfZZYHKOYGrghU6z56tCJExQA-1690701913-0-%2Foptin3w4u8d81
https://support6518465.clickfunnels.com/optin3w4u8d81
https://support6518465.clickfunnels.com/optin1690654554666

87 KB
27 KB

32ms
32ms

Document
text/html

2606:4700::6810:cc2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://support6518465.clickfunnels.com/optin1690654554666
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:cc2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Phusion Passenger Enterprise 6.0.7
Resource Hash

Request headers

Referer: https://support6518465.clickfunnels.com/optin3w4u8d81
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

age: 6
cache-control: max-age=60, public, s-maxage=600, r-maxage=10
cf-cache-status: HIT
cf-ray: 7eebddecde577138-YUL
content-encoding: br
content-type: text/html; charset=utf-8
date: Sun, 30 Jul 2023 07:25:18 GMT
last-modified: Sat, 29 Jul 2023 18:16:19 GMT
server: cloudflare
status: 200 OK
vary: Accept-Encoding
x-content-digest: 824945adff4c5160f517eed372cc4ddfd4ff63eb
x-powered-by: Phusion Passenger Enterprise 6.0.7
x-rack-cache: stale, valid, store
x-request-id: 73933243a2ff3f68a67833155baa0e84
x-runtime: 0.176847

Redirect headers

cache-control: no-cache, private
cf-cache-status: BYPASS
cf-ray: 7eebddebedcc7138-YUL
content-type: text/html; charset=utf-8
date: Sun, 30 Jul 2023 07:25:18 GMT
location: https://support6518465.clickfunnels.com/optin1690654554666
server: cloudflare
status: 302 Found
vary: Accept-Encoding
x-powered-by: Phusion Passenger Enterprise 6.0.7
x-rack-cache: miss
x-request-id: 0d8bec35cf11bf72056b4d6891af019c
x-runtime: 0.081720

GET
H2 200 lander.css
app.clickfunnels.com/assets/ 425 KB
70 KB 33ms
32ms Stylesheet
text/css 2606:4700::6810:cc2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.clickfunnels.com/assets/lander.css
Requested by: Host: support6518465.clickfunnels.com
URL: https://support6518465.clickfunnels.com/optin1690654554666
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:cc2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://support6518465.clickfunnels.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Sun, 30 Jul 2023 07:25:18 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 26 Jul 2023 14:55:58 GMT
server: cloudflare
age: 632
etag: W/"64c133fe-6a514"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=1200
cf-ray: 7eebdded1e727138-YUL
expires: Sun, 30 Jul 2023 07:45:18 GMT

GET
H2 200 all.css
use.fontawesome.com/releases/v5.9.0/css/ 55 KB
12 KB 71ms
27ms Stylesheet
text/css 2606:4700:e2::ac40:850f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.9.0/css/all.css
Requested by: Host: support6518465.clickfunnels.com
URL: https://support6518465.clickfunnels.com/optin1690654554666
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:850f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://support6518465.clickfunnels.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Sun, 30 Jul 2023 07:25:18 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: F87B7SB991662Z01
age: 1402129
alt-svc: h3=":443"; ma=86400
x-amz-id-2: t/QXuEUV20b5ivdyF1kBKEikOO25+6U8jsgFjTBEptl+WgF12/VJE08/NpS9asqaAlM/nR0qC5o=
last-modified: Wed, 30 Jun 2021 15:48:06 GMT
server: cloudflare
etag: W/"dbf9d822cefe851ba6f66e1ad57e8987"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=idGuot38D%2BCw97Y%2FIMlTwg5Plmt6kChcULneQdHHfourNDBj5Ppg%2BJjZGYEHYvYZMQvDwtAGThPyW9Rs81ucs59REvt9RQEYccsvih7EWPBtpb6L9XmAuFitPzwywsycNExqv7XP7KnSfIZFxpZz0Mks"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31556926
cf-ray: 7eebdded69c61a48-EWR

GET
H2 200 v4-shims.css
use.fontawesome.com/releases/v5.9.0/css/ 26 KB
5 KB 68ms
25ms Stylesheet
text/css 2606:4700:e2::ac40:850f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.9.0/css/v4-shims.css
Requested by: Host: support6518465.clickfunnels.com
URL: https://support6518465.clickfunnels.com/optin1690654554666
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:850f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://support6518465.clickfunnels.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Sun, 30 Jul 2023 07:25:18 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: 6AGJDA869SJQXYBP
age: 231216
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 8WXwUuMjMbryUlTftOF2SJebxmyXCJtr4W/uIUYqn5qOMB7HuC5gSLFJtTk8GOcbMKy/QM+ooa4=
last-modified: Wed, 30 Jun 2021 15:48:06 GMT
server: cloudflare
etag: W/"e140a7d32f343530f016095df3cc2ae4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DkNoyPSJbX0JaRPBT8tssu1%2BQTj2AdyHZsngSViphSPU%2F2oV4%2FveJDs3XKR1HPF%2BicVldj9N%2FXdN0j05I5cyXCcYuWCj3YmdNOE%2Bv8KCt0R0J408hMeUKyN%2FRHSGlhwsh2VqyD%2FNySufCndZhRFrpYTy"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31556926
cf-ray: 7eebdded69c81a48-EWR

GET
H2 200 css
fonts.googleapis.com/ 47 KB
3 KB 84ms
38ms Stylesheet
text/css 2607:f8b0:4006:81d::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:400,700%7COswald:400,700%7CDroid+Sans:400,700%7CRoboto:400,700%7CLato:400,700%7CPT+Sans:400,700%7CSource+Sans+Pro:400,600,700%7CNoto+Sans:400,700%7CPT+Sans:400,700%7CUbuntu:400,700%7CBitter:400,700%7CPT+Serif:400,700%7CRokkitt:400,700%7CDroid+Serif:400,700%7CRaleway:400,700%7CInconsolata:400,700

Requested by

Host: support6518465.clickfunnels.com
URL: https://support6518465.clickfunnels.com/optin1690654554666

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::200a Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://support6518465.clickfunnels.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 30 Jul 2023 07:25:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 30 Jul 2023 06:55:48 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 30 Jul 2023 07:25:18 GMT

GET
H2 200 application.js
app.clickfunnels.com/assets/userevents/ 5 KB
2 KB 35ms
34ms Script
application/x-javascript 2606:4700::6810:cc2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.clickfunnels.com/assets/userevents/application.js
Requested by: Host: support6518465.clickfunnels.com
URL: https://support6518465.clickfunnels.com/optin1690654554666
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:cc2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://support6518465.clickfunnels.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Sun, 30 Jul 2023 07:25:18 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 26 Jul 2023 14:55:58 GMT
server: cloudflare
age: 665
etag: W/"64c133fe-147c"
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=1200
cf-ray: 7eebddedaeb57138-YUL
expires: Sun, 30 Jul 2023 07:45:18 GMT

GET
H2 200 lander.js
app.clickfunnels.com/assets/ 2 MB
660 KB 33ms
32ms Script
application/x-javascript 2606:4700::6810:cc2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.clickfunnels.com/assets/lander.js
Requested by: Host: support6518465.clickfunnels.com
URL: https://support6518465.clickfunnels.com/optin1690654554666
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:cc2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://support6518465.clickfunnels.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Sun, 30 Jul 2023 07:25:18 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 26 Jul 2023 14:57:37 GMT
server: cloudflare
age: 619
etag: W/"64c13461-238327"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=1200
cf-ray: 7eebdded1e737138-YUL
expires: Sun, 30 Jul 2023 07:45:18 GMT

GET
H2 200 ClickfunnelsTag.png
images.clickfunnels.com/3d/392630953c4119a324492bb1c05778/ 5 KB
6 KB 31ms
30ms Image
image/webp 2606:4700::6810:cc2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.clickfunnels.com/3d/392630953c4119a324492bb1c05778/ClickfunnelsTag.png
Requested by: Host: support6518465.clickfunnels.com
URL: https://support6518465.clickfunnels.com/optin1690654554666
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:cc2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://support6518465.clickfunnels.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Sun, 30 Jul 2023 07:25:18 GMT
cf-cache-status: HIT
x-amz-request-id: AHDX6CX80TE1SDYS
age: 1987
cf-polished: origFmt=png, origSize=9030
content-disposition: inline; filename="ClickfunnelsTag.webp"
content-length: 5276
x-amz-id-2: QCClhET2JUivbTNLyQCvs97HbI7NJETWf41JU9YKASEv7bB69HjkFkGXq5uibcPCtFdC4xHeJZc=
cf-bgj: imgq:85,h2pri
last-modified: Fri, 03 Jan 2020 17:41:49 GMT
server: cloudflare
etag: "a633777156a5ffeb58c92d3d59fa4e34"
vary: Accept
content-type: image/webp
cache-control: public, max-age=2073600
accept-ranges: bytes
cf-ray: 7eebddedef357138-YUL
expires: Wed, 23 Aug 2023 07:25:18 GMT

GET
H2 200 pushcrew.js
app.clickfunnels.com/assets/ 637 B
655 B 35ms
35ms Script
application/x-javascript 2606:4700::6810:cc2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.clickfunnels.com/assets/pushcrew.js

Requested by

Host: support6518465.clickfunnels.com
URL: https://support6518465.clickfunnels.com/optin1690654554666

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6810:cc2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://support6518465.clickfunnels.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Sun, 30 Jul 2023 07:25:18 GMT
strict-transport-security: max-age=0
content-encoding: br
cf-cache-status: HIT
age: 730
last-modified: Wed, 26 Jul 2023 14:55:58 GMT
server: cloudflare
etag: W/"64c133fe-27d"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=1200
access-control-allow-credentials: true
access-control-max-age: 1728000
cf-ray: 7eebddee0f547138-YUL
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
expires: Sun, 30 Jul 2023 07:45:18 GMT

GET
H2 200 v8b253dfea2ab4077af8c6f58422dfbfd1689876627854
static.cloudflareinsights.com/beacon.min.js/ 20 KB
7 KB 66ms
41ms Script
text/javascript 2606:4700::6810:3865
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v8b253dfea2ab4077af8c6f58422dfbfd1689876627854
Requested by: Host: support6518465.clickfunnels.com
URL: https://support6518465.clickfunnels.com/optin1690654554666
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:3865 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://support6518465.clickfunnels.com/
Origin: https://support6518465.clickfunnels.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Sun, 30 Jul 2023 07:25:18 GMT
content-encoding: gzip
last-modified: Thu, 20 Jul 2023 18:10:27 GMT
server: cloudflare
etag: W/"2023.7.1"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 7eebddee38357156-YUL

GET /
activity-metamask.ddnss.eu/FMfcgzGtwDGrSHmqrhQdmDbWFzBphsNq/FMfcgzGtwMglRwHgjsmXQhPmXtmzhtTj/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: activity-metamask.ddnss.eu
URL: https://activity-metamask.ddnss.eu/FMfcgzGtwDGrSHmqrhQdmDbWFzBphsNq/FMfcgzGtwMglRwHgjsmXQhPmXtmzhtTj/

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.support6518465.clickfunnels.com/	1970-01-20 13:39:48	Name: __cf_mw_byp Value: EckPTyo1AlkHGadXGGYfZZYHKOYGrghU6z56tCJExQA-1690701913-0-/optin3w4u8d81
			.clickfunnels.com/	1970-01-20 13:38:23	Name: __cf_bm Value: k1JCy9oEdrm6ZJtbwj.4O1FfUIL2RDganR9Kt9iisqA-1690701918-0-AfmWRgp1QZawFNm2SWg33qZK7MlBhq/fiNA8qNqO00oi5bMuBu9E+lNu43jOttMGpVbybjDn8oRkdMXHPOFn509h9ZKpxYdd5dsoroHJa9wR

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

activity-metamask.ddnss.eu
app.clickfunnels.com
fonts.googleapis.com
images.clickfunnels.com
mail.nisbets.be
static.cloudflareinsights.com
support6518465.clickfunnels.com
use.fontawesome.com
activity-metamask.ddnss.eu
15.156.37.76
2606:4700::6810:3865
2606:4700::6810:cc2
2606:4700:e2::ac40:850f
2607:f8b0:4006:81d::200a
1103290e25ebda2712abe344a87facbac00ddaba712729be9fe5feef807bf91b
8b448efa7b88fb3e7298164914c671558471adc9e603ad97ab69cdddd6c85a7c
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

support6518465.clickfunnels.com Open in urlscan Pro 2606:4700::6810:cc2 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

14 Requests

93 %HTTPS

80 %IPv6

6 Domains

8 Subdomains

5 IPs

2 Countries

799 kBTransfer

2972 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

2 Cookies

Security Headers

Indicators

support6518465.clickfunnels.com Open in urlscan Pro
2606:4700::6810:cc2 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

93 %
HTTPS

80 %
IPv6

6
Domains

8
Subdomains

5
IPs

2
Countries

799 kB
Transfer

2972 kB
Size

2
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!