app.funnel-preview.com
Open in
urlscan Pro
104.16.16.194
Malicious Activity!
Public Scan
Effective URL: https://app.funnel-preview.com/for_domain/heral45rdgz.clickfunnels.com/vsl1634845464437?updated_at=df7c311f91732e4771ff1d68ca09...
Submission: On October 24 via manual from IT — Scanned from DE
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on August 23rd 2021. Valid for: a year.
This is the only time app.funnel-preview.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Facebook (Social Network)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 172.67.219.237 172.67.219.237 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
4 | 104.16.16.194 104.16.16.194 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 10 | 104.16.12.194 104.16.12.194 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 172.67.214.69 172.67.214.69 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 142.250.185.106 142.250.185.106 | 15169 (GOOGLE) (GOOGLE) | |
1 | 64.20.41.188 64.20.41.188 | 19318 (IS-AS-1) (IS-AS-1) | |
1 | 104.16.94.65 104.16.94.65 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 142.250.185.99 142.250.185.99 | 15169 (GOOGLE) (GOOGLE) | |
4 | 104.16.14.194 104.16.14.194 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 52.16.116.2 52.16.116.2 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 67.202.94.86 67.202.94.86 | 32748 (STEADFAST) (STEADFAST) | |
1 | 157.240.20.19 157.240.20.19 | 32934 (FACEBOOK) (FACEBOOK) | |
27 | 12 |
ASN13335 (CLOUDFLARENET, US)
www.clickfunnels.com | |
images.clickfunnels.com | |
heral45rdgz.clickfunnels.com | |
app.clickfunnels.com |
ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f10.1e100.net
fonts.googleapis.com |
ASN19318 (IS-AS-1, US)
PTR: thor.433eros.space
mega-scripts.icu |
ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f3.1e100.net
fonts.gstatic.com |
ASN16509 (AMAZON-02, US)
PTR: ec2-52-16-116-2.eu-west-1.compute.amazonaws.com
track.addevent.com |
ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-02-frt3.fbcdn.net
static.xx.fbcdn.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
14 |
clickfunnels.com
1 redirects
www.clickfunnels.com images.clickfunnels.com heral45rdgz.clickfunnels.com app.clickfunnels.com |
750 KB |
4 |
funnel-preview.com
app.funnel-preview.com |
22 KB |
2 |
googleapis.com
fonts.googleapis.com |
4 KB |
2 |
fontawesome.com
use.fontawesome.com |
17 KB |
1 |
fbcdn.net
static.xx.fbcdn.net |
2 KB |
1 |
amung.us
whos.amung.us |
29 B |
1 |
addevent.com
track.addevent.com |
|
1 |
gstatic.com
fonts.gstatic.com |
44 KB |
1 |
cloudflareinsights.com
static.cloudflareinsights.com |
5 KB |
1 |
mega-scripts.icu
mega-scripts.icu |
41 KB |
1 |
8713.su
1 redirects
s.8713.su |
849 B |
27 | 11 |
Domain | Requested by | |
---|---|---|
7 | app.clickfunnels.com |
1 redirects
app.funnel-preview.com
www.clickfunnels.com app.clickfunnels.com |
4 | www.clickfunnels.com |
app.funnel-preview.com
|
4 | app.funnel-preview.com |
static.cloudflareinsights.com
|
2 | images.clickfunnels.com |
app.funnel-preview.com
|
2 | fonts.googleapis.com |
app.funnel-preview.com
|
2 | use.fontawesome.com |
app.funnel-preview.com
|
1 | static.xx.fbcdn.net |
app.funnel-preview.com
|
1 | whos.amung.us |
app.funnel-preview.com
|
1 | track.addevent.com |
app.funnel-preview.com
|
1 | fonts.gstatic.com |
fonts.googleapis.com
|
1 | static.cloudflareinsights.com |
app.funnel-preview.com
|
1 | heral45rdgz.clickfunnels.com |
app.funnel-preview.com
|
1 | mega-scripts.icu |
app.funnel-preview.com
|
1 | s.8713.su | 1 redirects |
27 | 14 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
app.funnel-preview.com Cloudflare Inc ECC CA-3 |
2021-08-23 - 2022-08-22 |
a year | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2021-08-23 - 2022-08-22 |
a year | crt.sh |
upload.video.google.com GTS CA 1C3 |
2021-10-04 - 2021-12-27 |
3 months | crt.sh |
mega-scripts.icu cPanel, Inc. Certification Authority |
2021-09-14 - 2021-12-13 |
3 months | crt.sh |
*.gstatic.com GTS CA 1C3 |
2021-10-04 - 2021-12-27 |
3 months | crt.sh |
addevent.com Amazon |
2021-02-25 - 2022-03-26 |
a year | crt.sh |
whos.amung.us Sectigo RSA Domain Validation Secure Server CA |
2020-05-21 - 2022-05-21 |
2 years | crt.sh |
*.facebook.com DigiCert SHA2 High Assurance Server CA |
2021-08-02 - 2021-10-31 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://app.funnel-preview.com/for_domain/heral45rdgz.clickfunnels.com/vsl1634845464437?updated_at=df7c311f91732e4771ff1d68ca093e46v2
Frame ID: E238C5903BCBB43C28041533062A1D58
Requests: 29 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://s.8713.su/aTJ8L
HTTP 301
https://app.funnel-preview.com/for_domain/heral45rdgz.clickfunnels.com/vsl1634845464437?updated_at=df7c311f... Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://s.8713.su/aTJ8L
HTTP 301
https://app.funnel-preview.com/for_domain/heral45rdgz.clickfunnels.com/vsl1634845464437?updated_at=df7c311f91732e4771ff1d68ca093e46v2 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 16- https://app.clickfunnels.com/cf.js HTTP 301
- https://www.clickfunnels.com/cf.js
27 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
vsl1634845464437
app.funnel-preview.com/for_domain/heral45rdgz.clickfunnels.com/ Redirect Chain
|
109 KB 21 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
lander.css
www.clickfunnels.com/assets/ |
425 KB 71 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
all.css
use.fontawesome.com/releases/v5.9.0/css/ |
55 KB 12 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
v4-shims.css
use.fontawesome.com/releases/v5.9.0/css/ |
26 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
45 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
application.js
www.clickfunnels.com/assets/userevents/ |
5 KB 2 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
mega-scripts.icu/ |
167 KB 41 KB |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
4 KB 739 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
lander.js
www.clickfunnels.com/assets/ |
2 MB 659 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ClickfunnelsTag.png
images.clickfunnels.com/3d/392630953c4119a324492bb1c05778/ |
5 KB 6 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cf_stripe_orders.js
heral45rdgz.clickfunnels.com/ |
18 KB 4 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mailcheck.min.js
app.clickfunnels.com/ |
3 KB 1 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pushcrew.js
app.clickfunnels.com/assets/ |
637 B 450 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
beacon.min.js
static.cloudflareinsights.com/ |
13 KB 5 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
26 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
5.png
images.clickfunnels.com/9a/6d1810a2e911e79388eb6c4fe852ba/ |
56 B 305 B |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v26/ |
44 KB 44 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cf.js
www.clickfunnels.com/ Redirect Chain
|
18 KB 5 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
app.clickfunnels.com/userevents/ |
0 308 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
app.clickfunnels.com/userevents/ |
0 813 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
app.clickfunnels.com/userevents/ |
0 310 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
track.addevent.com/atc/ |
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
rum
app.funnel-preview.com/cdn-cgi/ |
0 204 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
whos.amung.us/pingjs/ |
29 B 29 B |
Image
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
dF5SId3UHWd.svg
static.xx.fbcdn.net/rsrc.php/y8/r/ |
2 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
track
app.clickfunnels.com/v1/ |
119 B 466 B |
XHR
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
rum
app.funnel-preview.com/cdn-cgi/ |
0 64 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
rum
app.funnel-preview.com/cdn-cgi/ |
0 77 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Facebook (Social Network)0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
21 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
app.funnel-preview.com/for_domain/heral45rdgz.clickfunnels.com | Name: updated_at Value: df7c311f91732e4771ff1d68ca093e46v2 |
|
app.funnel-preview.com/for_domain/heral45rdgz.clickfunnels.com | Name: addevent_track_cookie Value: 198db166-3464-491e-fc80-bfac150c24de |
|
s.8713.su/ | Name: PHPSESSID Value: a624f9d57083c0ccf80b7caf6437d9e3 |
|
s.8713.su/ | Name: short_aTJ8L Value: 1 |
|
.app.funnel-preview.com/ | Name: __cf_bm Value: rm8OlsjrU_FunughrI5h_7pLeLZEXyhRvhmlyIkqU.w-1635086902-0-AayDDLnLPediN2wv86rg5VeACiFnqrj3M+mty2sHRLxxEuwjyOyg37NAE6YKQfYDxuZpDVh2cr+NT/y03NvhQm0IcwY2JpVhCVY1/gvpsgmd |
|
.clickfunnels.com/ | Name: __cf_bm Value: K1z.0KF4GQWSpXHJPVm1o8pQ3JPHtS.HGxXHRLwFGBI-1635086903-0-AQxfP0xxBa3okGroHqpTvlAgwGIs9RUHVsmPJUN/LZ6a0OKwBR8Cb6TLt6/n28/WjD+0sqLBINr0GtQLjInfV3Uh+ZhSuhcuyjGuaRdIYZwu |
|
app.funnel-preview.com/ | Name: cf:aff_sub2 Value: |
|
app.funnel-preview.com/ | Name: cf:aff_sub3 Value: |
|
app.funnel-preview.com/ | Name: cf:aff_sub Value: |
|
app.funnel-preview.com/ | Name: cf:affiliate_id Value: |
|
app.funnel-preview.com/ | Name: cf:cf_affiliate_id Value: |
|
app.funnel-preview.com/ | Name: cf:content Value: |
|
app.funnel-preview.com/ | Name: cf:medium Value: |
|
app.funnel-preview.com/ | Name: cf:name Value: |
|
app.funnel-preview.com/ | Name: cf:source Value: |
|
app.funnel-preview.com/ | Name: cf:term Value: |
|
app.funnel-preview.com/ | Name: cf:NTEzMzgzMDI Value: :visited=true |
|
app.funnel-preview.com/ | Name: cf:visitor_id Value: 6a4aabd1-a066-4b97-a0ad-bbad3f7acd00 |
|
app.funnel-preview.com/ | Name: is_eu Value: true |
|
app.funnel-preview.com/ | Name: xzmekqpbrel0kkib Value: true |
|
app.funnel-preview.com/ | Name: 11531549_viewed_34 Value: 1 |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=0 |
X-Frame-Options | ALLOWALL |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
app.clickfunnels.com
app.funnel-preview.com
fonts.googleapis.com
fonts.gstatic.com
heral45rdgz.clickfunnels.com
images.clickfunnels.com
mega-scripts.icu
s.8713.su
static.cloudflareinsights.com
static.xx.fbcdn.net
track.addevent.com
use.fontawesome.com
whos.amung.us
www.clickfunnels.com
104.16.12.194
104.16.14.194
104.16.16.194
104.16.94.65
142.250.185.106
142.250.185.99
157.240.20.19
172.67.214.69
172.67.219.237
52.16.116.2
64.20.41.188
67.202.94.86
004e3565fa58bd4ff0cbf31deb5451508a5ec7d46c4480f9bfa23326f187a158
0d1c5ba4b29db42dadf61f9e7304331fa835fe732bbb02822ada17a9a63c215f
1230532f79456753fb73f559ece9b95c17cfb36325dc313a3eda5ac22dfd9a2b
1b7cafc6b569b8b4e6805b411b2dbd8e7769abd98f7a8d7cc80e4dc55b811d0f
261e8e3afd30137de20414f6eeed8772d274bb801aaf590044b8e4a71b369b9f
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
40b1e129fd55c17b3a1234e2ef332ca0cd7526573e60f78fa7fe11cc4b52549f
533143d96607d94d5d4292838e364aef656d3de58fe74368263776eab9c07542
538dd4ff6e384a44155168326ac40a6c20a93cd212b1fbf88ae7b0c44f9ab0bd
5dfa88a4dc8b6c0b834a62e45daee28a8dc37ed6ae7eb1545e4ed8b6382c0474
73cdde0e8ab0ef316b16c2a2ceb8b280e421a40b455f4195984374173e97fa8b
7422e50efbaea439fda7ef3b0eb54ee1a9fe73ea2f919d78a33bf6fb9e3e059d
9531e96099e973b3d1c291f3e60419d8fe4730f46de8a492fccd2b4c962c96ce
987902c6c8d34bc663e2406589e9c26e9118839c9aefccc8616299ed524dbf29
acd89c8dd5cc9cf47ee574302ec883993c33d419da8840ddb05763b857f1f09f
b6c960771e9f48c1c46590cfc89b57b7e0707ee70441583fb7fc9faf8107bba0
c29fe307e51140476331d50e03c04444bd1cd1acf3d1ce454539fe2511237a41
caec52356d28a445e7ad10d92d410b52fa537697b3b453ef1c01c65ec01ff86d
e0189e16cf01f8149342c9f2de872cfa73571f2a145a830f18b16154bf1d2982
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8545501911c19cfba3bea44dc0d771c4a443d180bb80a3200f6cc1cc4d2a279
f7464960133d530dfa52ce0ab9a5c33f0a709a946ad16298b000a7560738f422