app.funnel-preview.com Open in urlscan Pro
104.16.16.194 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://s.8713.su/aTJ8L
Effective URL:
https://app.funnel-preview.com/for_domain/heral45rdgz.clickfunnels.com/vsl1634845464437?updated_at=df7c311f91732e4771ff1d68ca09...
Submission: On October 24 via manual (October 24th 2021, 2:48:28 pm UTC) from IT — Scanned from DE

Summary HTTP 27 Redirects Behaviour Indicators

Summary

This website contacted 12 IPs in 2 countries across 11 domains to perform 27 HTTP transactions. The main IP is 104.16.16.194, located in United States and belongs to CLOUDFLARENET, US. The main domain is app.funnel-preview.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on August 23rd 2021. Valid for: a year.

This is the only time app.funnel-preview.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

	IP Address	AS Autonomous System
1 1	172.67.219.237 172.67.219.237	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	104.16.16.194 104.16.16.194	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 10	104.16.12.194 104.16.12.194	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	172.67.214.69 172.67.214.69	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	142.250.185.106 142.250.185.106	15169 (GOOGLE) (GOOGLE)
1	64.20.41.188 64.20.41.188	19318 (IS-AS-1) (IS-AS-1)
1	104.16.94.65 104.16.94.65	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	142.250.185.99 142.250.185.99	15169 (GOOGLE) (GOOGLE)
4	104.16.14.194 104.16.14.194	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	52.16.116.2 52.16.116.2	16509 (AMAZON-02) (AMAZON-02)
1	67.202.94.86 67.202.94.86	32748 (STEADFAST) (STEADFAST)
1	157.240.20.19 157.240.20.19	32934 (FACEBOOK) (FACEBOOK)
27	12

1 172.67.219.237 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

s.8713.su	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.16.16.194 (United States)

ASN13335 (CLOUDFLARENET, US)

app.funnel-preview.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 104.16.12.194 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.clickfunnels.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
images.clickfunnels.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
heral45rdgz.clickfunnels.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.clickfunnels.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.67.214.69 (United States)

ASN13335 (CLOUDFLARENET, US)

use.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.106 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.20.41.188 (Newark, United States)

ASN19318 (IS-AS-1, US)
PTR: thor.433eros.space

mega-scripts.icu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.94.65 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.99 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.16.14.194 (United States)

ASN13335 (CLOUDFLARENET, US)

app.clickfunnels.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.16.116.2 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-16-116-2.eu-west-1.compute.amazonaws.com

track.addevent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.202.94.86 (Chicago, United States)

ASN32748 (STEADFAST, US)
PTR: amung.us

whos.amung.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 157.240.20.19 (United States)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-02-frt3.fbcdn.net

static.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	clickfunnels.com 1 redirects www.clickfunnels.com images.clickfunnels.com heral45rdgz.clickfunnels.com app.clickfunnels.com	750 KB
4	funnel-preview.com app.funnel-preview.com	22 KB
2	googleapis.com fonts.googleapis.com	4 KB
2	fontawesome.com use.fontawesome.com	17 KB
1	fbcdn.net static.xx.fbcdn.net	2 KB
1	amung.us whos.amung.us	29 B
1	addevent.com track.addevent.com
1	gstatic.com fonts.gstatic.com	44 KB
1	cloudflareinsights.com static.cloudflareinsights.com	5 KB
1	mega-scripts.icu mega-scripts.icu	41 KB
1	8713.su 1 redirects s.8713.su	849 B
27	11

	Domain	Requested by
7	app.clickfunnels.com	1 redirects app.funnel-preview.com www.clickfunnels.com app.clickfunnels.com
4	www.clickfunnels.com	app.funnel-preview.com
4	app.funnel-preview.com	static.cloudflareinsights.com
2	images.clickfunnels.com	app.funnel-preview.com
2	fonts.googleapis.com	app.funnel-preview.com
2	use.fontawesome.com	app.funnel-preview.com
1	static.xx.fbcdn.net	app.funnel-preview.com
1	whos.amung.us	app.funnel-preview.com
1	track.addevent.com	app.funnel-preview.com
1	fonts.gstatic.com	fonts.googleapis.com
1	static.cloudflareinsights.com	app.funnel-preview.com
1	heral45rdgz.clickfunnels.com	app.funnel-preview.com
1	mega-scripts.icu	app.funnel-preview.com
1	s.8713.su	1 redirects
27	14

This site contains no links.

Subject Issuer	Validity	Valid
app.funnel-preview.com Cloudflare Inc ECC CA-3	`2021-08-23` - `2022-08-22`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-08-23` - `2022-08-22`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
mega-scripts.icu cPanel, Inc. Certification Authority	`2021-09-14` - `2021-12-13`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
addevent.com Amazon	`2021-02-25` - `2022-03-26`	a year	crt.sh
whos.amung.us Sectigo RSA Domain Validation Secure Server CA	`2020-05-21` - `2022-05-21`	2 years	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-08-02` - `2021-10-31`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://app.funnel-preview.com/for_domain/heral45rdgz.clickfunnels.com/vsl1634845464437?updated_at=df7c311f91732e4771ff1d68ca093e46v2
Frame ID: E238C5903BCBB43C28041533062A1D58
Requests: 29 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://s.8713.su/aTJ8L HTTP 301
https://app.funnel-preview.com/for_domain/heral45rdgz.clickfunnels.com/vsl1634845464437?updated_at=df7c311f... Page URL

Page Statistics

27
Requests

100 %
HTTPS

0 %
IPv6

11
Domains

14
Subdomains

12
IPs

2
Countries

885 kB
Transfer

3205 kB
Size

21
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://s.8713.su/aTJ8L HTTP 301
https://app.funnel-preview.com/for_domain/heral45rdgz.clickfunnels.com/vsl1634845464437?updated_at=df7c311f91732e4771ff1d68ca093e46v2 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 16

https://app.clickfunnels.com/cf.js HTTP 301
https://www.clickfunnels.com/cf.js

27 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request vsl1634845464437 Show response
app.funnel-preview.com/for_domain/heral45rdgz.clickfunnels.com/
Redirect Chain

https://s.8713.su/aTJ8L
https://app.funnel-preview.com/for_domain/heral45rdgz.clickfunnels.com/vsl1634845464437?updated_at=df7c311f91732e4771ff1d68ca093e46v2

109 KB
21 KB

309ms
247ms

Document
text/html

104.16.16.194
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.funnel-preview.com/for_domain/heral45rdgz.clickfunnels.com/vsl1634845464437?updated_at=df7c311f91732e4771ff1d68ca093e46v2

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.16.194 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Phusion Passenger Enterprise 6.0.7

Resource Hash

1b7cafc6b569b8b4e6805b411b2dbd8e7769abd98f7a8d7cc80e4dc55b811d0f

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Frame-Options	ALLOWALL

Request headers

:method: GET
:authority: app.funnel-preview.com
:scheme: https
:path: /for_domain/heral45rdgz.clickfunnels.com/vsl1634845464437?updated_at=df7c311f91732e4771ff1d68ca093e46v2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Sun, 24 Oct 2021 14:48:22 GMT
content-type: text/html; charset=utf-8
cf-ray: 6a340175fee84113-PRG
access-control-allow-origin: *
cache-control: max-age=60, public, s-maxage=600, r-maxage=10
last-modified: Thu, 21 Oct 2021 19:56:57 GMT
strict-transport-security: max-age=0
vary: Accept-Encoding
cf-cache-status: MISS
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status: 200 OK
x-content-digest: f28f79461de1ecff993c9b53707f77e7ddc84210
x-frame-options: ALLOWALL
x-powered-by: Phusion Passenger Enterprise 6.0.7
x-rack-cache: stale, valid, store
x-request-id: fca9409b93a91df9347f8c6d1cbd3472
x-runtime: 0.309047
set-cookie: __cf_bm=rm8OlsjrU_FunughrI5h_7pLeLZEXyhRvhmlyIkqU.w-1635086902-0-AayDDLnLPediN2wv86rg5VeACiFnqrj3M+mty2sHRLxxEuwjyOyg37NAE6YKQfYDxuZpDVh2cr+NT/y03NvhQm0IcwY2JpVhCVY1/gvpsgmd; path=/; expires=Sun, 24-Oct-21 15:18:22 GMT; domain=.app.funnel-preview.com; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br

Redirect headers

date: Sun, 24 Oct 2021 14:48:22 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.14
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
set-cookie: PHPSESSID=a624f9d57083c0ccf80b7caf6437d9e3; path=/ short_aTJ8L=1; expires=Sun, 24-Oct-2021 15:18:22 GMT; Max-Age=1800; path=/; HttpOnly
location: https://app.funnel-preview.com/for_domain/heral45rdgz.clickfunnels.com/vsl1634845464437?updated_at=df7c311f91732e4771ff1d68ca093e46v2
strict-transport-security: max-age=31536000;
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F%2BV6W4%2F9DZ861ekP6igluCGzwCk4bx9cT3g2tXGOKkFUK06PADVBpfwNII9cIgGI8UsSbo7vKNsehWcijzKzRnF7DyklUcm8ZQW6wxoZ%2Fzt4HMhb9ke9Q5AUjgc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6a3401725d26412c-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 lander.css
www.clickfunnels.com/assets/ 425 KB
71 KB 86ms
48ms Stylesheet
text/css 104.16.12.194
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.clickfunnels.com/assets/lander.css

Requested by

Host: app.funnel-preview.com
URL: https://app.funnel-preview.com/for_domain/heral45rdgz.clickfunnels.com/vsl1634845464437?updated_at=df7c311f91732e4771ff1d68ca093e46v2

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.12.194 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

caec52356d28a445e7ad10d92d410b52fa537697b3b453ef1c01c65ec01ff86d

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://app.funnel-preview.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 24 Oct 2021 14:48:23 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 1199
last-modified: Thu, 21 Oct 2021 15:34:57 GMT
server: cloudflare
etag: W/"617188a1-6a514"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=1200
access-control-allow-credentials: true
cf-ray: 6a340177d99127c0-PRG
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
expires: Sun, 24 Oct 2021 15:08:23 GMT

GET
H2 200 all.css
use.fontawesome.com/releases/v5.9.0/css/ 55 KB
12 KB 58ms
24ms Stylesheet
text/css 172.67.214.69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.9.0/css/all.css
Requested by: Host: app.funnel-preview.com
URL: https://app.funnel-preview.com/for_domain/heral45rdgz.clickfunnels.com/vsl1634845464437?updated_at=df7c311f91732e4771ff1d68ca093e46v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.214.69 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 533143d96607d94d5d4292838e364aef656d3de58fe74368263776eab9c07542

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://app.funnel-preview.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 24 Oct 2021 14:48:23 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 9484855
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: CV7QM0HS7RRXS4GJ
x-amz-id-2: VnAb30vVuE3+2KeVOlKVUINHcTviAzhmOFrXldKp2SSVl0nj6IwU4iQMTGSVvUiXeidneFn18mE=
last-modified: Wed, 30 Jun 2021 15:48:06 GMT
server: cloudflare
etag: W/"dbf9d822cefe851ba6f66e1ad57e8987"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HqerdY9nv01dbGphXFwB2a9GNJVVDaugAnPsDmoJzj5ZWPaJSysipUm6tvpGhvMWb5lf8MTYjUJvQSOGuzDHBMsT3P89VM8wKlR2dN8GhFTecq1l2bSudyo1BZXF7PP%2FEdEvu5JG"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31556926
cf-ray: 6a340177d9cb4119-PRG

GET
H2 200 v4-shims.css
use.fontawesome.com/releases/v5.9.0/css/ 26 KB
5 KB 57ms
23ms Stylesheet
text/css 172.67.214.69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.9.0/css/v4-shims.css
Requested by: Host: app.funnel-preview.com
URL: https://app.funnel-preview.com/for_domain/heral45rdgz.clickfunnels.com/vsl1634845464437?updated_at=df7c311f91732e4771ff1d68ca093e46v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.214.69 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0d1c5ba4b29db42dadf61f9e7304331fa835fe732bbb02822ada17a9a63c215f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://app.funnel-preview.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 24 Oct 2021 14:48:23 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 9484855
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: CV7YAD2HMNXXG48J
x-amz-id-2: G6OK7ipd4uksdb3tTsuqiLzsv6TRWuZJeeUiXOwhhSEIdDfVIKhOmHR0KPLxit/7I8jqlq7fHSw=
last-modified: Wed, 30 Jun 2021 15:48:06 GMT
server: cloudflare
etag: W/"e140a7d32f343530f016095df3cc2ae4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jVBrEkIO9qWaKXbxS4TRt%2BWWQkYwJKs03kTBkAcgsiSuuTiFRHH5%2BHUo6lX7xVTUFhLEl20VRvzHB663JVUAKkC4LYj8U7fi5%2B4e08DB9xKb5ivzHFX5UyyZWQB9v2qKiXUW%2FQQa"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31556926
cf-ray: 6a340177e9cc4119-PRG

GET
H2 200 css
fonts.googleapis.com/ 45 KB
3 KB 40ms
17ms Stylesheet
text/css 142.250.185.106
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:400,700%7COswald:400,700%7CDroid+Sans:400,700%7CRoboto:400,700%7CLato:400,700%7CPT+Sans:400,700%7CSource+Sans+Pro:400,600,700%7CNoto+Sans:400,700%7CPT+Sans:400,700%7CUbuntu:400,700%7CBitter:400,700%7CPT+Serif:400,700%7CRokkitt:400,700%7CDroid+Serif:400,700%7CRaleway:400,700%7CInconsolata:400,700

Requested by

Host: app.funnel-preview.com
URL: https://app.funnel-preview.com/for_domain/heral45rdgz.clickfunnels.com/vsl1634845464437?updated_at=df7c311f91732e4771ff1d68ca093e46v2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.106 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f10.1e100.net

Software

ESF /

Resource Hash

40b1e129fd55c17b3a1234e2ef332ca0cd7526573e60f78fa7fe11cc4b52549f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://app.funnel-preview.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 24 Oct 2021 13:12:21 GMT
server: ESF
date: Sun, 24 Oct 2021 14:48:23 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"
expires: Sun, 24 Oct 2021 14:48:23 GMT

GET
H2 200 application.js Show response
www.clickfunnels.com/assets/userevents/ 5 KB
2 KB 48ms
47ms Script
application/x-javascript 104.16.12.194
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.clickfunnels.com/assets/userevents/application.js

Requested by

Host: app.funnel-preview.com
URL: https://app.funnel-preview.com/for_domain/heral45rdgz.clickfunnels.com/vsl1634845464437?updated_at=df7c311f91732e4771ff1d68ca093e46v2

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.12.194 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

004e3565fa58bd4ff0cbf31deb5451508a5ec7d46c4480f9bfa23326f187a158

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://app.funnel-preview.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 24 Oct 2021 14:48:23 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 1199
last-modified: Thu, 21 Oct 2021 15:34:57 GMT
server: cloudflare
etag: W/"617188a1-1353"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=1200
access-control-allow-credentials: true
cf-ray: 6a3401786aa427c0-PRG
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
expires: Sun, 24 Oct 2021 15:08:23 GMT

GET
H2 200 / Show response
mega-scripts.icu/ 167 KB
41 KB 537ms
269ms Script
text/html 64.20.41.188
IS-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://mega-scripts.icu/?token=88ac37094d5e650c5358ee7dc0ba65bd
Requested by: Host: app.funnel-preview.com
URL: https://app.funnel-preview.com/for_domain/heral45rdgz.clickfunnels.com/vsl1634845464437?updated_at=df7c311f91732e4771ff1d68ca093e46v2
Protocol: H2
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 64.20.41.188 Newark, United States, ASN19318 (IS-AS-1, US),
Reverse DNS: thor.433eros.space
Software: LiteSpeed /
Resource Hash: 261e8e3afd30137de20414f6eeed8772d274bb801aaf590044b8e4a71b369b9f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://app.funnel-preview.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 24 Oct 2021 14:48:23 GMT
content-encoding: br
server: LiteSpeed
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

GET
H2 200 css
fonts.googleapis.com/ 4 KB
739 B 46ms
24ms Stylesheet
text/css 142.250.185.106
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto+Slab%7COpen+Sans+sans-serif%7CUbuntu%7CRoboto+Slab%7COpen+Sans+sans-serif%7CRoboto+Slab%7COpen+Sans+sans-serif%7CUbuntu%7COpen+Sans+sans-serif%7CRoboto+Slab%7C%7C

Requested by

Host: app.funnel-preview.com
URL: https://app.funnel-preview.com/for_domain/heral45rdgz.clickfunnels.com/vsl1634845464437?updated_at=df7c311f91732e4771ff1d68ca093e46v2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.106 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f10.1e100.net

Software

ESF /

Resource Hash

73cdde0e8ab0ef316b16c2a2ceb8b280e421a40b455f4195984374173e97fa8b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://app.funnel-preview.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 24 Oct 2021 14:48:23 GMT
server: ESF
date: Sun, 24 Oct 2021 14:48:23 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"
expires: Sun, 24 Oct 2021 14:48:23 GMT

GET
H2 200 lander.js Show response
www.clickfunnels.com/assets/ 2 MB
659 KB 106ms
71ms Script
application/x-javascript 104.16.12.194
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.clickfunnels.com/assets/lander.js

Requested by

Host: app.funnel-preview.com
URL: https://app.funnel-preview.com/for_domain/heral45rdgz.clickfunnels.com/vsl1634845464437?updated_at=df7c311f91732e4771ff1d68ca093e46v2

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.12.194 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e8545501911c19cfba3bea44dc0d771c4a443d180bb80a3200f6cc1cc4d2a279

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://app.funnel-preview.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 24 Oct 2021 14:48:23 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 10
last-modified: Thu, 21 Oct 2021 15:34:57 GMT
server: cloudflare
etag: W/"617188a1-23604d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=1200
access-control-allow-credentials: true
cf-ray: 6a340177e99327c0-PRG
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
expires: Sun, 24 Oct 2021 15:08:23 GMT

GET
H2 200 ClickfunnelsTag.png
images.clickfunnels.com/3d/392630953c4119a324492bb1c05778/ 5 KB
6 KB 51ms
41ms Image
image/webp 104.16.12.194
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.clickfunnels.com/3d/392630953c4119a324492bb1c05778/ClickfunnelsTag.png
Requested by: Host: app.funnel-preview.com
URL: https://app.funnel-preview.com/for_domain/heral45rdgz.clickfunnels.com/vsl1634845464437?updated_at=df7c311f91732e4771ff1d68ca093e46v2
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.16.12.194 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5dfa88a4dc8b6c0b834a62e45daee28a8dc37ed6ae7eb1545e4ed8b6382c0474

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://app.funnel-preview.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 24 Oct 2021 14:48:23 GMT
cf-cache-status: HIT
age: 3977
cf-polished: origFmt=png, origSize=9030
cf-ray: 6a3401787ac227c0-PRG
last-modified: Fri, 03 Jan 2020 17:41:49 GMT
content-disposition: inline; filename="ClickfunnelsTag.webp"
content-length: 5276
x-amz-id-2: 5hBYnmKNhKc4sIU0Fwt4591/70VdH0ZzEoBnYZo+clus+L2NDzBbZRJaktjsjxPPNizSQNVDLz0=
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "a633777156a5ffeb58c92d3d59fa4e34"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
x-amz-request-id: HWDGHDXJWR6MVACJ
cache-control: public, max-age=2073600
accept-ranges: bytes
content-type: image/webp
expires: Wed, 17 Nov 2021 14:48:23 GMT

GET
H2 200 cf_stripe_orders.js Show response
heral45rdgz.clickfunnels.com/ 18 KB
4 KB 174ms
163ms Script
application/x-javascript 104.16.12.194
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://heral45rdgz.clickfunnels.com/cf_stripe_orders.js

Requested by

Host: app.funnel-preview.com
URL: https://app.funnel-preview.com/for_domain/heral45rdgz.clickfunnels.com/vsl1634845464437?updated_at=df7c311f91732e4771ff1d68ca093e46v2

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.12.194 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

987902c6c8d34bc663e2406589e9c26e9118839c9aefccc8616299ed524dbf29

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://app.funnel-preview.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 24 Oct 2021 14:48:23 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Thu, 21 Oct 2021 15:34:57 GMT
server: cloudflare
etag: W/"617188a1-4711"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
content-type: application/x-javascript
access-control-allow-origin: *
access-control-allow-credentials: true
strict-transport-security: max-age=0
cf-ray: 6a3401786a9827c0-PRG
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization

GET
H2 200 mailcheck.min.js Show response
app.clickfunnels.com/ 3 KB
1 KB 56ms
47ms Script
application/x-javascript 104.16.12.194
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.clickfunnels.com/mailcheck.min.js

Requested by

Host: app.funnel-preview.com
URL: https://app.funnel-preview.com/for_domain/heral45rdgz.clickfunnels.com/vsl1634845464437?updated_at=df7c311f91732e4771ff1d68ca093e46v2

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.12.194 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0189e16cf01f8149342c9f2de872cfa73571f2a145a830f18b16154bf1d2982

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://app.funnel-preview.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 24 Oct 2021 14:48:23 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 842
last-modified: Thu, 21 Oct 2021 15:34:57 GMT
server: cloudflare
etag: W/"617188a1-a8d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
content-type: application/x-javascript
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 6a3401787abe27c0-PRG
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization

GET
H2 200 pushcrew.js Show response
app.clickfunnels.com/assets/ 637 B
450 B 73ms
64ms Script
application/x-javascript 104.16.12.194
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.clickfunnels.com/assets/pushcrew.js

Requested by

Host: app.funnel-preview.com
URL: https://app.funnel-preview.com/for_domain/heral45rdgz.clickfunnels.com/vsl1634845464437?updated_at=df7c311f91732e4771ff1d68ca093e46v2

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.12.194 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f7464960133d530dfa52ce0ab9a5c33f0a709a946ad16298b000a7560738f422

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://app.funnel-preview.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 24 Oct 2021 14:48:23 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 41
last-modified: Thu, 21 Oct 2021 15:34:56 GMT
server: cloudflare
etag: W/"617188a0-27d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=1200
access-control-allow-credentials: true
cf-ray: 6a3401787abc27c0-PRG
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
expires: Sun, 24 Oct 2021 15:08:23 GMT

GET
H2 200 beacon.min.js Show response
static.cloudflareinsights.com/ 13 KB
5 KB 107ms
71ms Script
text/javascript 104.16.94.65
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js
Requested by: Host: app.funnel-preview.com
URL: https://app.funnel-preview.com/for_domain/heral45rdgz.clickfunnels.com/vsl1634845464437?updated_at=df7c311f91732e4771ff1d68ca093e46v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.94.65 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: acd89c8dd5cc9cf47ee574302ec883993c33d419da8840ddb05763b857f1f09f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://app.funnel-preview.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 24 Oct 2021 14:48:23 GMT
content-encoding: gzip
last-modified: Fri, 22 Oct 2021 22:23:12 GMT
server: cloudflare
etag: W/2021.9.0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 6a340178aade2774-PRG

GET
DATA 200
OK truncated
/ 26 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 5.png
images.clickfunnels.com/9a/6d1810a2e911e79388eb6c4fe852ba/ 56 B
305 B 170ms
169ms Image
image/webp 104.16.12.194
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.clickfunnels.com/9a/6d1810a2e911e79388eb6c4fe852ba/5.png
Requested by: Host: app.funnel-preview.com
URL: https://app.funnel-preview.com/for_domain/heral45rdgz.clickfunnels.com/vsl1634845464437?updated_at=df7c311f91732e4771ff1d68ca093e46v2
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.16.12.194 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c29fe307e51140476331d50e03c04444bd1cd1acf3d1ce454539fe2511237a41

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://app.funnel-preview.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 24 Oct 2021 14:48:23 GMT
cf-cache-status: REVALIDATED
x-amz-request-id: 8QPPX3SKGT6WKRYH
cf-polished: origFmt=png, origSize=140
last-modified: Tue, 26 Sep 2017 18:36:29 GMT
content-disposition: inline; filename="5.webp"
content-length: 56
x-amz-id-2: 9kH7J5ekoaSClFoUSxf3XFEnoDaXC5I4iP4GRXpH77GEa8Xgyl9n65sC5CL7GbDxDXAkQqxeJhY=
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "0133c45beb76ef413071eddffe0bf2d1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
cache-control: public, max-age=2073600
accept-ranges: bytes
cf-ray: 6a3401787acc27c0-PRG
expires: Wed, 17 Nov 2021 14:48:23 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v26/ 44 KB
44 KB 29ms
8ms Font
font/woff2 142.250.185.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v26/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,700%7COswald:400,700%7CDroid+Sans:400,700%7CRoboto:400,700%7CLato:400,700%7CPT+Sans:400,700%7CSource+Sans+Pro:400,600,700%7CNoto+Sans:400,700%7CPT+Sans:400,700%7CUbuntu:400,700%7CBitter:400,700%7CPT+Serif:400,700%7CRokkitt:400,700%7CDroid+Serif:400,700%7CRaleway:400,700%7CInconsolata:400,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f3.1e100.net

Software

sffe /

Resource Hash

538dd4ff6e384a44155168326ac40a6c20a93cd212b1fbf88ae7b0c44f9ab0bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://app.funnel-preview.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 21 Oct 2021 17:04:31 GMT
x-content-type-options: nosniff
age: 251032
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 44760
x-xss-protection: 0
last-modified: Thu, 23 Sep 2021 16:50:17 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Fri, 21 Oct 2022 17:04:31 GMT

GET
H2

200

cf.js Show response
www.clickfunnels.com/
Redirect Chain

https://app.clickfunnels.com/cf.js
https://www.clickfunnels.com/cf.js

18 KB
5 KB

38ms
38ms

Script
application/x-javascript

104.16.12.194
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.clickfunnels.com/cf.js

Requested by

Host: app.funnel-preview.com
URL: https://app.funnel-preview.com/for_domain/heral45rdgz.clickfunnels.com/vsl1634845464437?updated_at=df7c311f91732e4771ff1d68ca093e46v2

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.12.194 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7422e50efbaea439fda7ef3b0eb54ee1a9fe73ea2f919d78a33bf6fb9e3e059d

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://app.funnel-preview.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 24 Oct 2021 14:48:23 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 300
last-modified: Thu, 21 Oct 2021 15:34:57 GMT
server: cloudflare
etag: W/"617188a1-476a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
content-type: application/x-javascript
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 6a34017b3a1c27c0-PRG
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization

Redirect headers

date: Sun, 24 Oct 2021 14:48:23 GMT
cf-cache-status: HIT
access-control-allow-origin: *
server: cloudflare
age: 735
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
content-type: text/html
location: https://www.clickfunnels.com/cf.js
access-control-allow-credentials: true
strict-transport-security: max-age=0
cf-ray: 6a34017ac97f27c0-PRG
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization

GET
H2 202 / Show response
app.clickfunnels.com/userevents/ 0
308 B 257ms
221ms XHR
text/html 104.16.14.194
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.clickfunnels.com/userevents/?funnel_id=Z0tHcjB0T01SVE9yWVdEYThiZ3MwQT09LS1VZDk3WlQ2ZXA1SkQ2Nm5ydkZDS0xBPT0%3D--e4d0e7f1e9fd44e5e85dfee819dce7ac00f210a8&page_id=SzB2NzBJMjJGZDVKOEE3Zk1WK1BwQT09LS1udWdpTnZLV2JBN0YzU3BMRGVXak5RPT0%3D--4fbd561e2b03df49ecacab20c093bd0a146d24ec&funnel_step_id=WFlBdFEwczFLSk5sOERuNWZ4OTZvQT09LS1vK3FUL0VmTVFEWDVGS2JROEYvaUNnPT0%3D--4f6626218994637c4cf2fd2805dfbeb24f57b47f&user_id=VGpYQTk3MGdTU3FSL0w4aTM0RVdtZz09LS1HZnFENkRsRy9Wd0xOai9PTnByT2RRPT0%3D--d978a4a5c75731a8501fc5c893895fe7b9f7da4d&account_id=aFF1TjByaUEwb3BYc3N4Y1k2YUY1QT09LS1jazB2WHZkMGRlRWNvbjVQcnkxbktnPT0%3D--e7c8aebb7299335e8bcc5211aa0357400e82f79b&page_code=NTEzMzgzMDI%3D&mode_id=1&time_zone=UTC&app_domain=app.clickfunnels.com&aff_sub2=&aff_sub3=&aff_sub=&affiliate_id=&cf_affiliate_id=&content=&medium=&name=&source=&term=&client_width=1600&type=Userevents::PageviewsCreatedSummary&nonce=067b3fae-fda7-4b41-8a82-7d299284279e&url=https%3A%2F%2Fapp.funnel-preview.com%2Ffor_domain%2Fheral45rdgz.clickfunnels.com%2Fvsl1634845464437%3Fupdated_at%3Ddf7c311f91732e4771ff1d68ca093e46v2

Requested by

Host: www.clickfunnels.com
URL: https://www.clickfunnels.com/assets/userevents/application.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.14.194 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Phusion Passenger Enterprise 6.0.7

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Frame-Options	ALLOWALL

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://app.funnel-preview.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 24 Oct 2021 14:48:23 GMT
access-control-request-method: *
cf-cache-status: BYPASS
access-control-allow-origin: *
x-powered-by: Phusion Passenger Enterprise 6.0.7
status: 202 Accepted
strict-transport-security: max-age=0
x-request-id: a0409f8383b19443e447351fc86639cc
x-runtime: 0.033856
server: cloudflare
x-frame-options: ALLOWALL
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
content-type: text/html
pragma: no-cache
cache-control: no-cache, no-store
access-control-allow-credentials: true
cf-ray: 6a34017b0ccf412c-PRG
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
x-rack-cache: miss

GET
H2 202 / Show response
app.clickfunnels.com/userevents/ 0
813 B 227ms
192ms XHR
text/html 104.16.14.194
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.clickfunnels.com/userevents/?funnel_id=Z0tHcjB0T01SVE9yWVdEYThiZ3MwQT09LS1VZDk3WlQ2ZXA1SkQ2Nm5ydkZDS0xBPT0%3D--e4d0e7f1e9fd44e5e85dfee819dce7ac00f210a8&page_id=SzB2NzBJMjJGZDVKOEE3Zk1WK1BwQT09LS1udWdpTnZLV2JBN0YzU3BMRGVXak5RPT0%3D--4fbd561e2b03df49ecacab20c093bd0a146d24ec&funnel_step_id=WFlBdFEwczFLSk5sOERuNWZ4OTZvQT09LS1vK3FUL0VmTVFEWDVGS2JROEYvaUNnPT0%3D--4f6626218994637c4cf2fd2805dfbeb24f57b47f&user_id=VGpYQTk3MGdTU3FSL0w4aTM0RVdtZz09LS1HZnFENkRsRy9Wd0xOai9PTnByT2RRPT0%3D--d978a4a5c75731a8501fc5c893895fe7b9f7da4d&account_id=aFF1TjByaUEwb3BYc3N4Y1k2YUY1QT09LS1jazB2WHZkMGRlRWNvbjVQcnkxbktnPT0%3D--e7c8aebb7299335e8bcc5211aa0357400e82f79b&page_code=NTEzMzgzMDI%3D&mode_id=1&time_zone=UTC&app_domain=app.clickfunnels.com&aff_sub2=&aff_sub3=&aff_sub=&affiliate_id=&cf_affiliate_id=&content=&medium=&name=&source=&term=&client_width=1600&type=Userevents::UniquePageviewsCreatedSummary&nonce=6d180bcb-a5e7-4a36-a97d-84a18dc3ff10&url=https%3A%2F%2Fapp.funnel-preview.com%2Ffor_domain%2Fheral45rdgz.clickfunnels.com%2Fvsl1634845464437%3Fupdated_at%3Ddf7c311f91732e4771ff1d68ca093e46v2

Requested by

Host: www.clickfunnels.com
URL: https://www.clickfunnels.com/assets/userevents/application.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.14.194 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Phusion Passenger Enterprise 6.0.7

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Frame-Options	ALLOWALL

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://app.funnel-preview.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 24 Oct 2021 14:48:23 GMT
access-control-request-method: *
cf-cache-status: BYPASS
access-control-allow-origin: *
x-powered-by: Phusion Passenger Enterprise 6.0.7
status: 202 Accepted
strict-transport-security: max-age=0
x-request-id: 41c64869edf15a71a367338c1a5bcd6e
x-runtime: 0.034801
server: cloudflare
x-frame-options: ALLOWALL
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
content-type: text/html
pragma: no-cache
cache-control: no-cache, no-store
access-control-allow-credentials: true
cf-ray: 6a34017b0cd2412c-PRG
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
x-rack-cache: miss

GET
H2 202 / Show response
app.clickfunnels.com/userevents/ 0
310 B 261ms
226ms XHR
text/html 104.16.14.194
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.clickfunnels.com/userevents/?funnel_id=Z0tHcjB0T01SVE9yWVdEYThiZ3MwQT09LS1VZDk3WlQ2ZXA1SkQ2Nm5ydkZDS0xBPT0%3D--e4d0e7f1e9fd44e5e85dfee819dce7ac00f210a8&page_id=SzB2NzBJMjJGZDVKOEE3Zk1WK1BwQT09LS1udWdpTnZLV2JBN0YzU3BMRGVXak5RPT0%3D--4fbd561e2b03df49ecacab20c093bd0a146d24ec&funnel_step_id=WFlBdFEwczFLSk5sOERuNWZ4OTZvQT09LS1vK3FUL0VmTVFEWDVGS2JROEYvaUNnPT0%3D--4f6626218994637c4cf2fd2805dfbeb24f57b47f&user_id=VGpYQTk3MGdTU3FSL0w4aTM0RVdtZz09LS1HZnFENkRsRy9Wd0xOai9PTnByT2RRPT0%3D--d978a4a5c75731a8501fc5c893895fe7b9f7da4d&account_id=aFF1TjByaUEwb3BYc3N4Y1k2YUY1QT09LS1jazB2WHZkMGRlRWNvbjVQcnkxbktnPT0%3D--e7c8aebb7299335e8bcc5211aa0357400e82f79b&page_code=NTEzMzgzMDI%3D&mode_id=1&time_zone=UTC&app_domain=app.clickfunnels.com&aff_sub2=&aff_sub3=&aff_sub=&affiliate_id=&cf_affiliate_id=&content=&medium=&name=&source=&term=&client_width=1600&type=Userevents::UniqueVisitorsCreatedSummary&nonce=2811826a-87f8-4da4-82bf-b8264a3bfe32&url=https%3A%2F%2Fapp.funnel-preview.com%2Ffor_domain%2Fheral45rdgz.clickfunnels.com%2Fvsl1634845464437%3Fupdated_at%3Ddf7c311f91732e4771ff1d68ca093e46v2

Requested by

Host: www.clickfunnels.com
URL: https://www.clickfunnels.com/assets/userevents/application.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.14.194 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Phusion Passenger Enterprise 6.0.7

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Frame-Options	ALLOWALL

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://app.funnel-preview.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 24 Oct 2021 14:48:23 GMT
access-control-request-method: *
cf-cache-status: BYPASS
access-control-allow-origin: *
x-powered-by: Phusion Passenger Enterprise 6.0.7
status: 202 Accepted
strict-transport-security: max-age=0
x-request-id: 0c76f34712473676c1d40d2aa69541a2
x-runtime: 0.028260
server: cloudflare
x-frame-options: ALLOWALL
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
content-type: text/html
pragma: no-cache
cache-control: no-cache, no-store
access-control-allow-credentials: true
cf-ray: 6a34017b1cd3412c-PRG
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
x-rack-cache: miss

GET
H/1.1 200
OK /
track.addevent.com/atc/ 0
0 132ms
30ms Image
text/html 52.16.116.2
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.addevent.com/atc/?trktyp=jsinit&trkcal=&guid=198db166-3464-491e-fc80-bfac150c24de&url=https%3A%2F%2Fapp.funnel-preview.com%2Ffor_domain%2Fheral45rdgz.clickfunnels.com%2Fvsl1634845464437%3Fupdated_at%3Ddf7c311f91732e4771ff1d68ca093e46v2&cache=1635086903542
Requested by: Host: app.funnel-preview.com
URL: https://app.funnel-preview.com/for_domain/heral45rdgz.clickfunnels.com/vsl1634845464437?updated_at=df7c311f91732e4771ff1d68ca093e46v2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.16.116.2 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-16-116-2.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://app.funnel-preview.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, X-Access-Token
Access-Control-Allow-Methods: PUT, GET, POST, DELETE, OPTIONS

POST
H2 200 rum Show response
app.funnel-preview.com/cdn-cgi/ 0
204 B 48ms
48ms XHR
text/plain 104.16.16.194
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.funnel-preview.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.16.194 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-fetch-mode: cors
origin: https://app.funnel-preview.com
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
sec-fetch-dest: empty
cookie: __cf_bm=rm8OlsjrU_FunughrI5h_7pLeLZEXyhRvhmlyIkqU.w-1635086902-0-AayDDLnLPediN2wv86rg5VeACiFnqrj3M+mty2sHRLxxEuwjyOyg37NAE6YKQfYDxuZpDVh2cr+NT/y03NvhQm0IcwY2JpVhCVY1/gvpsgmd; cf:aff_sub2=; cf:aff_sub3=; cf:aff_sub=; cf:affiliate_id=; cf:cf_affiliate_id=; cf:content=; cf:medium=; cf:name=; cf:source=; cf:term=; cf:NTEzMzgzMDI=:visited=true; cf:visitor_id=6a4aabd1-a066-4b97-a0ad-bbad3f7acd00
content-length: 6220
:path: /cdn-cgi/rum?
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
content-type: application/json
accept: */*
cache-control: no-cache
:authority: app.funnel-preview.com
referer: https://app.funnel-preview.com/for_domain/heral45rdgz.clickfunnels.com/vsl1634845464437?updated_at=df7c311f91732e4771ff1d68ca093e46v2
:scheme: https
sec-fetch-site: same-origin
:method: POST
Referer: https://app.funnel-preview.com/for_domain/heral45rdgz.clickfunnels.com/vsl1634845464437?updated_at=df7c311f91732e4771ff1d68ca093e46v2
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
content-type: application/json

Response headers

date: Sun, 24 Oct 2021 14:48:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cloudflare
x-frame-options: DENY
access-control-allow-methods: POST,OPTIONS
content-type: text/plain
access-control-allow-origin: https://app.funnel-preview.com
access-control-max-age: 86400
access-control-allow-credentials: true
cf-ray: 6a34017c6c584113-PRG
vary: Origin

GET
H2 200 /
whos.amung.us/pingjs/ 29 B
29 B 346ms
112ms Image
text/javascript 67.202.94.86
STEADFAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://whos.amung.us/pingjs/?k=applemanza&t=Blacksar%20Inc.&x=https://whos.amung.us/&y=https://whos.amung.us/&a=-1&d=0&v=27&r=1017
Requested by: Host: app.funnel-preview.com
URL: https://app.funnel-preview.com/for_domain/heral45rdgz.clickfunnels.com/vsl1634845464437?updated_at=df7c311f91732e4771ff1d68ca093e46v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.202.94.86 Chicago, United States, ASN32748 (STEADFAST, US),
Reverse DNS: amung.us
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://app.funnel-preview.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 24 Oct 2021 14:48:24 GMT
content-encoding: gzip
content-type: text/javascript;charset=UTF-8

GET
H2 200 dF5SId3UHWd.svg
static.xx.fbcdn.net/rsrc.php/y8/r/ 2 KB
2 KB 27ms
7ms Image
image/svg+xml 157.240.20.19
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/y8/r/dF5SId3UHWd.svg

Requested by

Host: app.funnel-preview.com
URL: https://app.funnel-preview.com/for_domain/heral45rdgz.clickfunnels.com/vsl1634845464437?updated_at=df7c311f91732e4771ff1d68ca093e46v2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.20.19 , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-frt3.fbcdn.net

Software

Resource Hash

9531e96099e973b3d1c291f3e60419d8fe4730f46de8a492fccd2b4c962c96ce

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self';script-src .fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src 'unsafe-inline';connect-src .fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.xx.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://app.funnel-preview.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: default-src data: blob: 'self';script-src *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src 'unsafe-inline';connect-src *.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.xx.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: br
x-content-type-options: nosniff
content-md5: NiMA5zHIsmaYxSYEaw9fHg==
content-security-policy-report-only: default-src fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1027
x-xss-protection: 0
x-fb-debug: crnkNYNrWCMTR4y4ECZG0BFzjNrviM22tbvAcjf0aNKCqKrDSn6DNDUvt5qaph4YmR9Vn/UYBBhVfWOl0R2F1g==
x-fb-trip-id: 2050670934
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
date: Sun, 24 Oct 2021 14:48:23 GMT
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
timing-allow-origin: *
priority: u=3,i
expires: Thu, 20 Oct 2022 18:19:19 GMT

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1230532f79456753fb73f559ece9b95c17cfb36325dc313a3eda5ac22dfd9a2b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 track Show response
app.clickfunnels.com/v1/ 119 B
466 B 192ms
192ms XHR
text/javascript 104.16.14.194
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.clickfunnels.com/v1/track?_unique=0.678474174642338&_uniqueVisitorID=null&_type=WINDOW&_location=ttps%3A//app.funnel-preview.com/for_domain/heral45rdgz.clickfunnels.com/vsl1634845464437%3Fupdated_at%3Ddf7c311f91732e4771ff1d68ca093e46v2%230.3284532305683825&_title=Facebook%20%E2%80%93%20Anmelden%20oder%20Registrieren&_key=e4e5t2ka&_page_key=xzmekqpbrel0kkib&_fid=11531549&_fspos=34&_fvrs=1&_funnel_stat=0&_location=https://app.funnel-preview.com/for_domain/heral45rdgz.clickfunnels.com/vsl1634845464437?updated_at=df7c311f91732e4771ff1d68ca093e46v2

Requested by

Host: app.clickfunnels.com
URL: https://app.clickfunnels.com/cf.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.14.194 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Phusion Passenger Enterprise 6.0.7

Resource Hash

b6c960771e9f48c1c46590cfc89b57b7e0707ee70441583fb7fc9faf8107bba0

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Frame-Options	ALLOWALL

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://app.funnel-preview.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 24 Oct 2021 14:48:24 GMT
access-control-request-method: *
cf-cache-status: BYPASS
x-powered-by: Phusion Passenger Enterprise 6.0.7
status: 200 OK
strict-transport-security: max-age=0
content-encoding: br
x-request-id: 7039719ed497461925532521ae54f651
x-runtime: 0.019170
server: cloudflare
x-frame-options: ALLOWALL
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store
access-control-allow-credentials: true
cf-ray: 6a34017eabd5412c-PRG
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
x-rack-cache: miss

POST
H2 200 rum Show response
app.funnel-preview.com/cdn-cgi/ 0
64 B 20ms
19ms XHR
text/plain 104.16.16.194
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.funnel-preview.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.16.194 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-fetch-mode: cors
origin: https://app.funnel-preview.com
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
sec-fetch-dest: empty
cookie: __cf_bm=rm8OlsjrU_FunughrI5h_7pLeLZEXyhRvhmlyIkqU.w-1635086902-0-AayDDLnLPediN2wv86rg5VeACiFnqrj3M+mty2sHRLxxEuwjyOyg37NAE6YKQfYDxuZpDVh2cr+NT/y03NvhQm0IcwY2JpVhCVY1/gvpsgmd; cf:aff_sub2=; cf:aff_sub3=; cf:aff_sub=; cf:affiliate_id=; cf:cf_affiliate_id=; cf:content=; cf:medium=; cf:name=; cf:source=; cf:term=; cf:NTEzMzgzMDI=:visited=true; cf:visitor_id=6a4aabd1-a066-4b97-a0ad-bbad3f7acd00
content-length: 3782
:path: /cdn-cgi/rum?
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
content-type: application/json
accept: */*
cache-control: no-cache
:authority: app.funnel-preview.com
referer: https://app.funnel-preview.com/for_domain/heral45rdgz.clickfunnels.com/vsl1634845464437?updated_at=df7c311f91732e4771ff1d68ca093e46v2
:scheme: https
sec-fetch-site: same-origin
:method: POST
Referer: https://app.funnel-preview.com/for_domain/heral45rdgz.clickfunnels.com/vsl1634845464437?updated_at=df7c311f91732e4771ff1d68ca093e46v2
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
content-type: application/json

Response headers

date: Sun, 24 Oct 2021 14:48:24 GMT
x-content-type-options: nosniff
server: cloudflare
cf-ray: 6a34017f5b6e4113-PRG
x-frame-options: DENY

POST
H2 200 rum Show response
app.funnel-preview.com/cdn-cgi/ 0
77 B 20ms
17ms XHR
text/plain 104.16.16.194
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.funnel-preview.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.16.194 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-fetch-mode: cors
origin: https://app.funnel-preview.com
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
sec-fetch-dest: empty
cookie: __cf_bm=rm8OlsjrU_FunughrI5h_7pLeLZEXyhRvhmlyIkqU.w-1635086902-0-AayDDLnLPediN2wv86rg5VeACiFnqrj3M+mty2sHRLxxEuwjyOyg37NAE6YKQfYDxuZpDVh2cr+NT/y03NvhQm0IcwY2JpVhCVY1/gvpsgmd; cf:aff_sub2=; cf:aff_sub3=; cf:aff_sub=; cf:affiliate_id=; cf:cf_affiliate_id=; cf:content=; cf:medium=; cf:name=; cf:source=; cf:term=; cf:NTEzMzgzMDI=:visited=true; cf:visitor_id=6a4aabd1-a066-4b97-a0ad-bbad3f7acd00
content-length: 434
:path: /cdn-cgi/rum?
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
content-type: application/json
accept: */*
cache-control: no-cache
:authority: app.funnel-preview.com
referer: https://app.funnel-preview.com/for_domain/heral45rdgz.clickfunnels.com/vsl1634845464437?updated_at=df7c311f91732e4771ff1d68ca093e46v2
:scheme: https
sec-fetch-site: same-origin
:method: POST
Referer: https://app.funnel-preview.com/for_domain/heral45rdgz.clickfunnels.com/vsl1634845464437?updated_at=df7c311f91732e4771ff1d68ca093e46v2
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
content-type: application/json

Response headers

date: Sun, 24 Oct 2021 14:48:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cloudflare
x-frame-options: DENY
access-control-allow-methods: POST,OPTIONS
content-type: text/plain
access-control-allow-origin: https://app.funnel-preview.com
access-control-max-age: 86400
access-control-allow-credentials: true
cf-ray: 6a34017ffd074113-PRG
vary: Origin

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

21 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
app.funnel-preview.com/for_domain/heral45rdgz.clickfunnels.com	1970-01-20 06:57:02	Name: updated_at Value: df7c311f91732e4771ff1d68ca093e46v2
app.funnel-preview.com/for_domain/heral45rdgz.clickfunnels.com	1970-01-20 06:57:02	Name: addevent_track_cookie Value: 198db166-3464-491e-fc80-bfac150c24de
s.8713.su/	1969-12-31 23:59:59	Name: PHPSESSID Value: a624f9d57083c0ccf80b7caf6437d9e3
s.8713.su/	1970-01-19 22:11:28	Name: short_aTJ8L Value: 1
.app.funnel-preview.com/	1970-01-19 22:11:28	Name: __cf_bm Value: rm8OlsjrU_FunughrI5h_7pLeLZEXyhRvhmlyIkqU.w-1635086902-0-AayDDLnLPediN2wv86rg5VeACiFnqrj3M+mty2sHRLxxEuwjyOyg37NAE6YKQfYDxuZpDVh2cr+NT/y03NvhQm0IcwY2JpVhCVY1/gvpsgmd
.clickfunnels.com/	1970-01-19 22:11:28	Name: __cf_bm Value: K1z.0KF4GQWSpXHJPVm1o8pQ3JPHtS.HGxXHRLwFGBI-1635086903-0-AQxfP0xxBa3okGroHqpTvlAgwGIs9RUHVsmPJUN/LZ6a0OKwBR8Cb6TLt6/n28/WjD+0sqLBINr0GtQLjInfV3Uh+ZhSuhcuyjGuaRdIYZwu
app.funnel-preview.com/	1970-01-20 06:57:02	Name: cf:aff_sub2 Value:
app.funnel-preview.com/	1970-01-20 06:57:02	Name: cf:aff_sub3 Value:
app.funnel-preview.com/	1970-01-20 06:57:02	Name: cf:aff_sub Value:
app.funnel-preview.com/	1970-01-20 06:57:02	Name: cf:affiliate_id Value:
app.funnel-preview.com/	1970-01-20 06:57:02	Name: cf:cf_affiliate_id Value:
app.funnel-preview.com/	1970-01-20 06:57:02	Name: cf:content Value:
app.funnel-preview.com/	1970-01-20 06:57:02	Name: cf:medium Value:
app.funnel-preview.com/	1970-01-20 06:57:02	Name: cf:name Value:
app.funnel-preview.com/	1970-01-20 06:57:02	Name: cf:source Value:
app.funnel-preview.com/	1970-01-20 06:57:02	Name: cf:term Value:
app.funnel-preview.com/	1970-01-20 06:57:02	Name: cf:NTEzMzgzMDI Value: :visited=true
app.funnel-preview.com/	1970-01-20 06:57:02	Name: cf:visitor_id Value: 6a4aabd1-a066-4b97-a0ad-bbad3f7acd00
app.funnel-preview.com/	1969-12-31 23:59:59	Name: is_eu Value: true
app.funnel-preview.com/	1970-01-20 06:57:02	Name: xzmekqpbrel0kkib Value: true
app.funnel-preview.com/	1970-01-20 06:57:02	Name: 11531549_viewed_34 Value: 1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0
X-Frame-Options	ALLOWALL

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.clickfunnels.com
app.funnel-preview.com
fonts.googleapis.com
fonts.gstatic.com
heral45rdgz.clickfunnels.com
images.clickfunnels.com
mega-scripts.icu
s.8713.su
static.cloudflareinsights.com
static.xx.fbcdn.net
track.addevent.com
use.fontawesome.com
whos.amung.us
www.clickfunnels.com
104.16.12.194
104.16.14.194
104.16.16.194
104.16.94.65
142.250.185.106
142.250.185.99
157.240.20.19
172.67.214.69
172.67.219.237
52.16.116.2
64.20.41.188
67.202.94.86
004e3565fa58bd4ff0cbf31deb5451508a5ec7d46c4480f9bfa23326f187a158
0d1c5ba4b29db42dadf61f9e7304331fa835fe732bbb02822ada17a9a63c215f
1230532f79456753fb73f559ece9b95c17cfb36325dc313a3eda5ac22dfd9a2b
1b7cafc6b569b8b4e6805b411b2dbd8e7769abd98f7a8d7cc80e4dc55b811d0f
261e8e3afd30137de20414f6eeed8772d274bb801aaf590044b8e4a71b369b9f
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
40b1e129fd55c17b3a1234e2ef332ca0cd7526573e60f78fa7fe11cc4b52549f
533143d96607d94d5d4292838e364aef656d3de58fe74368263776eab9c07542
538dd4ff6e384a44155168326ac40a6c20a93cd212b1fbf88ae7b0c44f9ab0bd
5dfa88a4dc8b6c0b834a62e45daee28a8dc37ed6ae7eb1545e4ed8b6382c0474
73cdde0e8ab0ef316b16c2a2ceb8b280e421a40b455f4195984374173e97fa8b
7422e50efbaea439fda7ef3b0eb54ee1a9fe73ea2f919d78a33bf6fb9e3e059d
9531e96099e973b3d1c291f3e60419d8fe4730f46de8a492fccd2b4c962c96ce
987902c6c8d34bc663e2406589e9c26e9118839c9aefccc8616299ed524dbf29
acd89c8dd5cc9cf47ee574302ec883993c33d419da8840ddb05763b857f1f09f
b6c960771e9f48c1c46590cfc89b57b7e0707ee70441583fb7fc9faf8107bba0
c29fe307e51140476331d50e03c04444bd1cd1acf3d1ce454539fe2511237a41
caec52356d28a445e7ad10d92d410b52fa537697b3b453ef1c01c65ec01ff86d
e0189e16cf01f8149342c9f2de872cfa73571f2a145a830f18b16154bf1d2982
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8545501911c19cfba3bea44dc0d771c4a443d180bb80a3200f6cc1cc4d2a279
f7464960133d530dfa52ce0ab9a5c33f0a709a946ad16298b000a7560738f422

app.funnel-preview.com Open in urlscan Pro 104.16.16.194 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

27 Requests

100 %HTTPS

0 %IPv6

11 Domains

14 Subdomains

12 IPs

2 Countries

885 kBTransfer

3205 kBSize

21 Cookies

0 Outgoing links

Page URL History

Redirected requests

27 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

app.funnel-preview.com Open in urlscan Pro
104.16.16.194 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

27
Requests

100 %
HTTPS

0 %
IPv6

11
Domains

14
Subdomains

12
IPs

2
Countries

885 kB
Transfer

3205 kB
Size

21
Cookies

27 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!