scambinance.com Open in urlscan Pro
2606:4700:3034::ac43:ca53 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://romaisa.clickfunnels.com/optin5h7cnggx
Effective URL:
https://scambinance.com/go.php?url=https://postbankunden.uniqueinternacional.com.br
Submission: On October 19 via manual (October 19th 2023, 11:11:30 am UTC) from DE — Scanned from DE

Summary HTTP 24 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 2 countries across 6 domains to perform 24 HTTP transactions. The main IP is 2606:4700:3034::ac43:ca53, located in United States and belongs to CLOUDFLARENET, US. The main domain is scambinance.com.
TLS certificate: Issued by GTS CA 1P5 on September 7th 2023. Valid for: 3 months.

This is the only time scambinance.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 11	2606:4700::68... 2606:4700::6810:fc2	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700:e0:... 2606:4700:e0::ac40:660b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:80b::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:3865	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	2606:4700:440... 2606:4700:4400::6812:27b5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 5	2606:4700:303... 2606:4700:3034::ac43:ca53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
24	6

11 2606:4700::6810:fc2 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

romaisa.clickfunnels.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.clickfunnels.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
images.clickfunnels.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
classic.clickfunnels.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:e0::ac40:660b (United States)

ASN13335 (CLOUDFLARENET, US)

use.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:3865 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:27b5 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.clickfunnels.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:3034::ac43:ca53 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

scambinance.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	clickfunnels.com 2 redirects romaisa.clickfunnels.com app.clickfunnels.com — Cisco Umbrella Rank: 56525 images.clickfunnels.com — Cisco Umbrella Rank: 121775 www.clickfunnels.com — Cisco Umbrella Rank: 159342 classic.clickfunnels.com — Cisco Umbrella Rank: 209160	764 KB
5	scambinance.com 1 redirects scambinance.com	8 KB
2	fontawesome.com use.fontawesome.com — Cisco Umbrella Rank: 1214	17 KB
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 1113	7 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 49	3 KB
0	addevent.com Failed track.addevent.com Failed
24	6

	Domain	Requested by
5	scambinance.com	1 redirects romaisa.clickfunnels.com scambinance.com
5	app.clickfunnels.com	romaisa.clickfunnels.com app.clickfunnels.com
4	romaisa.clickfunnels.com	1 redirects static.cloudflareinsights.com
2	use.fontawesome.com	romaisa.clickfunnels.com
1	classic.clickfunnels.com
1	www.clickfunnels.com	1 redirects
1	static.cloudflareinsights.com	romaisa.clickfunnels.com
1	images.clickfunnels.com	romaisa.clickfunnels.com
1	fonts.googleapis.com	romaisa.clickfunnels.com
0	track.addevent.com Failed	romaisa.clickfunnels.com
24	10

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-06-23` - `2024-06-22`	a year	crt.sh
use.fontawesome.com Cloudflare Inc ECC CA-3	`2023-10-12` - `2024-10-10`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-09-28` - `2023-12-21`	3 months	crt.sh
scambinance.com GTS CA 1P5	`2023-09-07` - `2023-12-06`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://scambinance.com/go.php?url=https://postbankunden.uniqueinternacional.com.br
Frame ID: 2D8AE32BB14C122FC25FD49FC8C9B4CA
Requests: 25 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

403 Forbidden

Page URL History Show full URLs

https://romaisa.clickfunnels.com/optin5h7cnggx HTTP 302
https://romaisa.clickfunnels.com/optin1679049460124 Page URL
https://scambinance.com/go.php?url=https://postbankunden.uniqueinternacional.com.br Page URL
https://scambinance.com/cdn-cgi/phish-bypass?atok=6rQp4r4Sn4uOY18tWNQ1tctqTGHGbRbaK7lQWMvNrfo-169771... HTTP 301
https://scambinance.com/go.php?url=https://postbankunden.uniqueinternacional.com.br Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

24
Requests

71 %
HTTPS

100 %
IPv6

6
Domains

10
Subdomains

6
IPs

2
Countries

798 kB
Transfer

2943 kB
Size

17
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://romaisa.clickfunnels.com/optin5h7cnggx HTTP 302
https://romaisa.clickfunnels.com/optin1679049460124 Page URL
https://scambinance.com/go.php?url=https://postbankunden.uniqueinternacional.com.br Page URL
https://scambinance.com/cdn-cgi/phish-bypass?atok=6rQp4r4Sn4uOY18tWNQ1tctqTGHGbRbaK7lQWMvNrfo-1697713883-0-%2Fgo.php%3Furl%3Dhttps%3A%2F%2Fpostbankunden.uniqueinternacional.com.br HTTP 301
https://scambinance.com/go.php?url=https://postbankunden.uniqueinternacional.com.br Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://romaisa.clickfunnels.com/optin5h7cnggx HTTP 302
https://romaisa.clickfunnels.com/optin1679049460124

Request Chain 17

https://www.clickfunnels.com/images/closemodal.png HTTP 301
https://classic.clickfunnels.com/images/closemodal.png

24 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

optin1679049460124 Show response
romaisa.clickfunnels.com/
Redirect Chain

https://romaisa.clickfunnels.com/optin5h7cnggx
https://romaisa.clickfunnels.com/optin1679049460124

38 KB
10 KB

190ms
190ms

Document
text/html

2606:4700::6810:fc2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://romaisa.clickfunnels.com/optin1679049460124
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:fc2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Phusion Passenger Enterprise 6.0.7
Resource Hash: 9bbbd2efb4f96236508ac0f771c311fbe604040fa94d1747a92d9d68af18f089

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=60, public, s-maxage=600, r-maxage=10
cf-cache-status: HIT
cf-ray: 8188946f9e284d6e-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Thu, 19 Oct 2023 11:11:21 GMT
last-modified: Sun, 30 Apr 2023 04:33:36 GMT
server: cloudflare
status: 200 OK
vary: Accept-Encoding
x-content-digest: a29efceaac3cf61e0af9a88b88389fffcaa69239
x-powered-by: Phusion Passenger Enterprise 6.0.7
x-rack-cache: fresh
x-request-id: cecf977ace659ef351ac08df643f335c
x-runtime: 0.299114

Redirect headers

cache-control: no-cache
cf-cache-status: EXPIRED
cf-ray: 8188946d3b534d6e-FRA
content-type: text/html; charset=utf-8
date: Thu, 19 Oct 2023 11:11:21 GMT
location: https://romaisa.clickfunnels.com/optin1679049460124
server: cloudflare
status: 302 Found
vary: Accept-Encoding
x-powered-by: Phusion Passenger Enterprise 6.0.7
x-rack-cache: miss
x-request-id: 975f69d69265805eaaa2091e351cc74a
x-runtime: 0.082454

GET
H2 200 lander.css
app.clickfunnels.com/assets/ 425 KB
74 KB 108ms
91ms Stylesheet
text/css 2606:4700::6810:fc2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.clickfunnels.com/assets/lander.css
Requested by: Host: romaisa.clickfunnels.com
URL: https://romaisa.clickfunnels.com/optin1679049460124
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:fc2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: caec52356d28a445e7ad10d92d410b52fa537697b3b453ef1c01c65ec01ff86d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://romaisa.clickfunnels.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 11:11:21 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 18 Oct 2023 20:21:12 GMT
server: cloudflare
age: 122
etag: W/"65303e38-6a514"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=1200
cf-ray: 81889470efad4d6e-FRA
expires: Thu, 19 Oct 2023 11:31:21 GMT

GET
H2 200 all.css
use.fontawesome.com/releases/v5.9.0/css/ 55 KB
12 KB 35ms
19ms Stylesheet
text/css 2606:4700:e0::ac40:660b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.9.0/css/all.css
Requested by: Host: romaisa.clickfunnels.com
URL: https://romaisa.clickfunnels.com/optin1679049460124
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e0::ac40:660b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 533143d96607d94d5d4292838e364aef656d3de58fe74368263776eab9c07542

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://romaisa.clickfunnels.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 11:11:21 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: 6F4C87DZXFN7GDB9
age: 1058122
alt-svc: h3=":443"; ma=86400
x-amz-id-2: xEqB7llcR7T8Az/pPeXngMS05hikMnyvi0MYYsPXoY55qYouzk5ZLwgBdiTKOdZLE4Kuuqg3G78=
last-modified: Wed, 30 Jun 2021 15:48:06 GMT
server: cloudflare
etag: W/"dbf9d822cefe851ba6f66e1ad57e8987"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B1onpf7EuE4fZ%2BK81O9B7hDxmfk1rzSoOVDuPndsguhoPg4kDNA0cBQBfKEN6vlKCWDmG5qw3nzh74Hno8Hn7uoYdmfiDOdmJiwnfGlTUrcYF3zyMInyqP13vrWzBpaEpLEjaDJuyyispbrepN%2BN0oDq"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31556926
cf-ray: 81889470e8d81911-FRA

GET
H2 200 v4-shims.css
use.fontawesome.com/releases/v5.9.0/css/ 26 KB
5 KB 33ms
16ms Stylesheet
text/css 2606:4700:e0::ac40:660b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.9.0/css/v4-shims.css
Requested by: Host: romaisa.clickfunnels.com
URL: https://romaisa.clickfunnels.com/optin1679049460124
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e0::ac40:660b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0d1c5ba4b29db42dadf61f9e7304331fa835fe732bbb02822ada17a9a63c215f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://romaisa.clickfunnels.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 11:11:21 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: 6F40C694Q614C19X
age: 1058119
alt-svc: h3=":443"; ma=86400
x-amz-id-2: kHcpC8WS6K4jW6PdK3CEVgyJIM2pgd/eOQr0rlz+iO93RHLvxDafyAJXEB9Uz/E/9+IWHlRf9GU=
last-modified: Wed, 30 Jun 2021 15:48:06 GMT
server: cloudflare
etag: W/"e140a7d32f343530f016095df3cc2ae4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YI46URVmY81iLwk%2FH2ogCxFz8Mt9sGf%2B6DgIyTtSG4vzSJVX%2Blrb7f7kSRh4X3FjtvC7P1%2FgTp2hGj9fCBUMeZc7eyZsIkGTNfSLIAl13B7R36Z%2FY%2FVdrc3r5hUKZ5JQJXnOy8aPV7HjoTq5AG4Jpg2H"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31556926
cf-ray: 81889470e8dc1911-FRA

GET
H2 200 css
fonts.googleapis.com/ 47 KB
3 KB 40ms
18ms Stylesheet
text/css 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:400,700%7COswald:400,700%7CDroid+Sans:400,700%7CRoboto:400,700%7CLato:400,700%7CPT+Sans:400,700%7CSource+Sans+Pro:400,600,700%7CNoto+Sans:400,700%7CPT+Sans:400,700%7CUbuntu:400,700%7CBitter:400,700%7CPT+Serif:400,700%7CRokkitt:400,700%7CDroid+Serif:400,700%7CRaleway:400,700%7CInconsolata:400,700

Requested by

Host: romaisa.clickfunnels.com
URL: https://romaisa.clickfunnels.com/optin1679049460124

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7dbb39ee6e87085cbbe32d363a4776b9b696e903226fddfc695b48e6b111691c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://romaisa.clickfunnels.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 19 Oct 2023 11:11:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 19 Oct 2023 10:05:57 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 19 Oct 2023 11:11:21 GMT

GET
H2 200 application.js Show response
app.clickfunnels.com/assets/userevents/ 5 KB
2 KB 66ms
66ms Script
application/x-javascript 2606:4700::6810:fc2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.clickfunnels.com/assets/userevents/application.js
Requested by: Host: romaisa.clickfunnels.com
URL: https://romaisa.clickfunnels.com/optin1679049460124
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:fc2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a696b734193371073510c87df68430499c2f424ad3f7be42f586dc6aff78567b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://romaisa.clickfunnels.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 11:11:21 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 18 Oct 2023 20:21:12 GMT
server: cloudflare
age: 123
etag: W/"65303e38-147c"
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=1200
cf-ray: 8188947188ab4d6e-FRA
expires: Thu, 19 Oct 2023 11:31:21 GMT

GET
H2 200 lander.js Show response
app.clickfunnels.com/assets/ 2 MB
659 KB 104ms
87ms Script
application/x-javascript 2606:4700::6810:fc2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.clickfunnels.com/assets/lander.js
Requested by: Host: romaisa.clickfunnels.com
URL: https://romaisa.clickfunnels.com/optin1679049460124
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:fc2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cb664ad9a54a92222cf7ca776e0d04b4bb3a3619b29204e2ad3f2b329edb6506

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://romaisa.clickfunnels.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 11:11:21 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 18 Oct 2023 20:22:23 GMT
server: cloudflare
age: 1200
etag: W/"65303e7f-2371ac"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=1200
cf-ray: 81889470efb04d6e-FRA
expires: Thu, 19 Oct 2023 11:31:21 GMT

GET
H2 200 ClickfunnelsTag.png
images.clickfunnels.com/3d/392630953c4119a324492bb1c05778/ 5 KB
6 KB 65ms
48ms Image
image/webp 2606:4700::6810:fc2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.clickfunnels.com/3d/392630953c4119a324492bb1c05778/ClickfunnelsTag.png
Requested by: Host: romaisa.clickfunnels.com
URL: https://romaisa.clickfunnels.com/optin1679049460124
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:fc2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5dfa88a4dc8b6c0b834a62e45daee28a8dc37ed6ae7eb1545e4ed8b6382c0474

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://romaisa.clickfunnels.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 11:11:21 GMT
cf-cache-status: HIT
x-amz-request-id: Q69XDP0ZG4M775F4
age: 4192
cf-polished: origFmt=png, origSize=9030
content-disposition: inline; filename="ClickfunnelsTag.webp"
content-length: 5276
x-amz-id-2: 2JGIaozQlnIATRY6Y/hPKvqjCDmGLOICyFb2TMFqtzWcdoVpc+K205gBrKoyR7X168Jb3p6ykoo=
cf-bgj: imgq:85,h2pri
last-modified: Fri, 03 Jan 2020 17:41:49 GMT
server: cloudflare
etag: "a633777156a5ffeb58c92d3d59fa4e34"
vary: Accept
content-type: image/webp
cache-control: public, max-age=2073600
accept-ranges: bytes
cf-ray: 81889470efb34d6e-FRA
expires: Sun, 12 Nov 2023 11:11:21 GMT

GET
H2 200 pushcrew.js Show response
app.clickfunnels.com/assets/ 637 B
445 B 72ms
71ms Script
application/x-javascript 2606:4700::6810:fc2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.clickfunnels.com/assets/pushcrew.js
Requested by: Host: romaisa.clickfunnels.com
URL: https://romaisa.clickfunnels.com/optin1679049460124
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:fc2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f7464960133d530dfa52ce0ab9a5c33f0a709a946ad16298b000a7560738f422

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://romaisa.clickfunnels.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 11:11:21 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 18 Oct 2023 20:21:11 GMT
server: cloudflare
age: 1011
etag: W/"65303e37-27d"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=1200
cf-ray: 8188947198b84d6e-FRA
expires: Thu, 19 Oct 2023 11:31:21 GMT

GET
H2 200 v84a3a4012de94ce1a686ba8c167c359c1696973893317 Show response
static.cloudflareinsights.com/beacon.min.js/ 20 KB
7 KB 84ms
65ms Script
text/javascript 2606:4700::6810:3865
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317
Requested by: Host: romaisa.clickfunnels.com
URL: https://romaisa.clickfunnels.com/optin1679049460124
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:3865 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101

Request headers

Referer: https://romaisa.clickfunnels.com/
Origin: https://romaisa.clickfunnels.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 11:11:21 GMT
content-encoding: gzip
last-modified: Tue, 10 Oct 2023 21:38:13 GMT
server: cloudflare
etag: W/"2023.10.0"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 81889471b9ea1c0b-FRA

GET
DATA 200
OK truncated
/ 26 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 cf.js Show response
app.clickfunnels.com/ 18 KB
6 KB 101ms
101ms Script
application/x-javascript 2606:4700::6810:fc2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.clickfunnels.com/cf.js
Requested by: Host: romaisa.clickfunnels.com
URL: https://romaisa.clickfunnels.com/optin1679049460124
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:fc2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7422e50efbaea439fda7ef3b0eb54ee1a9fe73ea2f919d78a33bf6fb9e3e059d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://romaisa.clickfunnels.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 11:11:22 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 18 Oct 2023 20:21:12 GMT
server: cloudflare
age: 3304
etag: W/"65303e38-476a"
vary: Accept-Encoding
content-type: application/x-javascript
cf-ray: 818894731a554d6e-FRA

GET /
track.addevent.com/atc/ 0
0

GET /
app.clickfunnels.com/userevents/ 0
0

GET
H2 200 cf-logo.png
romaisa.clickfunnels.com/funnels/paused-account/ 6 KB
6 KB 452ms
451ms Image
image/png 2606:4700::6810:fc2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://romaisa.clickfunnels.com/funnels/paused-account/cf-logo.png
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:fc2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fa64be7e67aeedc05d88ad037251e9ee7ab5a640c3d924e55fb72a498adbf255

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://romaisa.clickfunnels.com/optin1679049460124
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 11:11:22 GMT
cf-cache-status: MISS
last-modified: Wed, 18 Oct 2023 20:21:12 GMT
server: cloudflare
etag: "65303e38-17c9"
vary: Accept-Encoding
content-type: image/png
accept-ranges: bytes
cf-ray: 81889473cb024d6e-FRA
content-length: 6089

GET
H2

200

closemodal.png
classic.clickfunnels.com/images/
Redirect Chain

https://www.clickfunnels.com/images/closemodal.png
https://classic.clickfunnels.com/images/closemodal.png

672 B
907 B

97ms
79ms

Image
image/webp

2606:4700::6810:fc2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://classic.clickfunnels.com/images/closemodal.png
Protocol: H2
Server: 2606:4700::6810:fc2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5216f197f782f4bb872e02a677986af90a488015910f8d3864b796ad68dbd389

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://romaisa.clickfunnels.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 11:11:22 GMT
cf-cache-status: HIT
age: 1185321
cf-polished: origFmt=png, origSize=788
content-disposition: inline; filename="closemodal.webp"
content-length: 672
last-modified: Wed, 27 Sep 2023 18:02:44 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "65146e44-314"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: public, max-age=2678400
accept-ranges: bytes
cf-ray: 818894748c284d6e-FRA
expires: Sun, 19 Nov 2023 11:11:22 GMT

Redirect headers

date: Thu, 19 Oct 2023 11:11:22 GMT
server: cloudflare
vary: Accept-Encoding
location: https://classic.clickfunnels.com/images/closemodal.png
cache-control: max-age=3600
cf-ray: 818894740c911e52-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 19 Oct 2023 12:11:22 GMT

GET track
app.clickfunnels.com/v1/ 0
0

POST
H2 204 rum Show response
romaisa.clickfunnels.com/cdn-cgi/ 0
168 B 25ms
24ms XHR
text/plain 2606:4700::6810:fc2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://romaisa.clickfunnels.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6810:fc2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://romaisa.clickfunnels.com/optin1679049460124
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
content-type: application/json

Response headers

date: Thu, 19 Oct 2023 11:11:22 GMT
x-content-type-options: nosniff
server: cloudflare
vary: Origin
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://romaisa.clickfunnels.com
x-frame-options: DENY
access-control-allow-credentials: true
cf-ray: 818894746c054d6e-FRA

GET
H2 200 go.php Show response
scambinance.com/ 4 KB
2 KB 86ms
27ms Document
text/html 2606:4700:3034::ac43:ca53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://scambinance.com/go.php?url=https://postbankunden.uniqueinternacional.com.br

Requested by

Host: romaisa.clickfunnels.com
URL: https://romaisa.clickfunnels.com/optin1679049460124

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::ac43:ca53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ffb429681b04b9fc95dde0d32279348d580e51d5af48da7944f23d29c2ac428c

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://romaisa.clickfunnels.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cf-ray: 81889479f9623a6e-FRA
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Thu, 19 Oct 2023 11:11:23 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A4WlBNfE0KHKljVBvfdkvCke1LiV1O8iF21ZKvy21jXLUC9dZPqDTopg0PaSW8gPXAWsTC6%2FBdSalc2pIVwnU%2Fl1AdmvCCU2QACBoTpFkIyMemtdJFM4jTn4%2B6bC%2B0MWM20z5z6EgCSLfoWo3lM%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

POST rum
romaisa.clickfunnels.com/cdn-cgi/ 0
0

GET
H2 200 cf.errors.css
scambinance.com/cdn-cgi/styles/ 24 KB
5 KB 9ms
8ms Stylesheet
text/css 2606:4700:3034::ac43:ca53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://scambinance.com/cdn-cgi/styles/cf.errors.css

Requested by

Host: scambinance.com
URL: https://scambinance.com/go.php?url=https://postbankunden.uniqueinternacional.com.br

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::ac43:ca53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1103290e25ebda2712abe344a87facbac00ddaba712729be9fe5feef807bf91b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://scambinance.com/go.php?url=https://postbankunden.uniqueinternacional.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 11:11:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 16 Oct 2023 11:32:23 GMT
server: cloudflare
etag: W/"652d1f47-5e44"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=7200, public
cf-ray: 8188947a29c83a6e-FRA
expires: Thu, 19 Oct 2023 13:11:23 GMT

GET
H2 200 icon-exclamation.png
scambinance.com/cdn-cgi/images/ 452 B
540 B 8ms
8ms Image
image/png 2606:4700:3034::ac43:ca53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://scambinance.com/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: scambinance.com
URL: https://scambinance.com/cdn-cgi/styles/cf.errors.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::ac43:ca53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://scambinance.com/cdn-cgi/styles/cf.errors.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 11:11:23 GMT
x-content-type-options: nosniff
last-modified: Mon, 16 Oct 2023 11:32:23 GMT
server: cloudflare
etag: "652d1f47-1c4"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=7200, public
accept-ranges: bytes
cf-ray: 8188947a49e23a6e-FRA
content-length: 452
expires: Thu, 19 Oct 2023 13:11:23 GMT

GET
H2

403

Primary Request go.php Show response
scambinance.com/
Redirect Chain

https://scambinance.com/cdn-cgi/phish-bypass?atok=6rQp4r4Sn4uOY18tWNQ1tctqTGHGbRbaK7lQWMvNrfo-1697713883-0-%2Fgo.php%3Furl%3Dhttps%3A%2F%2Fpostbankunden.uniqueinternacional.com.br
https://scambinance.com/go.php?url=https://postbankunden.uniqueinternacional.com.br

280 B
599 B

94ms
93ms

Document
text/html

2606:4700:3034::ac43:ca53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://scambinance.com/go.php?url=https://postbankunden.uniqueinternacional.com.br
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::ac43:ca53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 946a5c7038992b60d3cc7fb483fecfa882348e2cde01cdd2d6c8e44f0827418d

Request headers

Referer: https://scambinance.com/go.php?url=https://postbankunden.uniqueinternacional.com.br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8188948b2fc53a6e-FRA
content-encoding: br
content-type: text/html; charset=iso-8859-1
date: Thu, 19 Oct 2023 11:11:26 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zTApt7jFBgh9B5jPF6d%2FJi%2FPdlCIRjtdy3wFlutSkpkwpFDLQKpuISQiEdvXe5agNAxOeuz84hEdNrX2FXs8fTyODBeNyHGdoHIZozR%2BUBfU7Qz0fvABkT6dhyhARVV8gamu6zw3QWtSydkzMX4%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare

Redirect headers

cache-control: private, no-cache
cf-ray: 8188948b1fb33a6e-FRA
content-length: 167
content-type: text/html
date: Thu, 19 Oct 2023 11:11:25 GMT
location: https://scambinance.com/go.php?url=https://postbankunden.uniqueinternacional.com.br
server: cloudflare
x-content-type-options: nosniff
x-frame-options: DENY

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: track.addevent.com
URL: https://track.addevent.com/atc/?trktyp=jsinit&trkcal=&guid=196670b3-66b8-4d4f-0114-ae517d06353b&url=https%3A%2F%2Fromaisa.clickfunnels.com%2Foptin1679049460124&cache=1697713882095

Domain: app.clickfunnels.com
URL: https://app.clickfunnels.com/userevents/?funnel_id=Zy83T3JRZGFHaDRQVlVQamFsVkhUUT09LS1oY3NUOVdkcTl5Mmgxa2Q5eE44MVR3PT0%3D--4e12939874af6dc87ee6f849ed2012d769abe1e9&page_id=VXoyVVZmZnA4LzJuR3pqem9kQzl5QT09LS1ZZlA5eXgzenpSSG9LdDFmajFzUStBPT0%3D--b49cd9edef24dc5e379694418004b37eeae3d2cf&funnel_step_id=ay9icW53UUZ4Ukppa3p3ZENCVnRDZz09LS1NM3A4bFBWMTBmVlk4YVdLbGdZcHhnPT0%3D--191ec84965c3f4dc976f0ac9b862662691e6dc24&user_id=ZE4zWXdXbUNZY0ltTEgra0RoM2N1QT09LS1aYkt2SW5MdDQvOHNqaVl0SGduS3FBPT0%3D--383ebb1e78bd592ce58e822247bd8b850499c844&account_id=SkZnUFpIVWYzMHBJWXdLdUE4c2JwZz09LS1uY1BFZGd2SElGWkJ3NUtJYm5BWmdRPT0%3D--da78ecd48712c00bdc9273e5b4e18c55c9cf7666&page_code=NTg2NjI1Mjk%3D&mode_id=1&time_zone=UTC&app_domain=app.clickfunnels.com&aff_sub2=&aff_sub3=&aff_sub=&affiliate_id=&cf_affiliate_id=&content=&medium=&name=&source=&term=&client_width=1600&type=Userevents::PageviewsCreatedSummary&nonce=e0297da5-9ee3-4e1a-8359-102c1b544ea0&url=https%3A%2F%2Fromaisa.clickfunnels.com%2Foptin1679049460124

Domain: app.clickfunnels.com
URL: https://app.clickfunnels.com/userevents/?funnel_id=Zy83T3JRZGFHaDRQVlVQamFsVkhUUT09LS1oY3NUOVdkcTl5Mmgxa2Q5eE44MVR3PT0%3D--4e12939874af6dc87ee6f849ed2012d769abe1e9&page_id=VXoyVVZmZnA4LzJuR3pqem9kQzl5QT09LS1ZZlA5eXgzenpSSG9LdDFmajFzUStBPT0%3D--b49cd9edef24dc5e379694418004b37eeae3d2cf&funnel_step_id=ay9icW53UUZ4Ukppa3p3ZENCVnRDZz09LS1NM3A4bFBWMTBmVlk4YVdLbGdZcHhnPT0%3D--191ec84965c3f4dc976f0ac9b862662691e6dc24&user_id=ZE4zWXdXbUNZY0ltTEgra0RoM2N1QT09LS1aYkt2SW5MdDQvOHNqaVl0SGduS3FBPT0%3D--383ebb1e78bd592ce58e822247bd8b850499c844&account_id=SkZnUFpIVWYzMHBJWXdLdUE4c2JwZz09LS1uY1BFZGd2SElGWkJ3NUtJYm5BWmdRPT0%3D--da78ecd48712c00bdc9273e5b4e18c55c9cf7666&page_code=NTg2NjI1Mjk%3D&mode_id=1&time_zone=UTC&app_domain=app.clickfunnels.com&aff_sub2=&aff_sub3=&aff_sub=&affiliate_id=&cf_affiliate_id=&content=&medium=&name=&source=&term=&client_width=1600&type=Userevents::UniquePageviewsCreatedSummary&nonce=ffedb916-f2cf-4380-9454-3153e3780641&url=https%3A%2F%2Fromaisa.clickfunnels.com%2Foptin1679049460124

Domain: app.clickfunnels.com
URL: https://app.clickfunnels.com/userevents/?funnel_id=Zy83T3JRZGFHaDRQVlVQamFsVkhUUT09LS1oY3NUOVdkcTl5Mmgxa2Q5eE44MVR3PT0%3D--4e12939874af6dc87ee6f849ed2012d769abe1e9&page_id=VXoyVVZmZnA4LzJuR3pqem9kQzl5QT09LS1ZZlA5eXgzenpSSG9LdDFmajFzUStBPT0%3D--b49cd9edef24dc5e379694418004b37eeae3d2cf&funnel_step_id=ay9icW53UUZ4Ukppa3p3ZENCVnRDZz09LS1NM3A4bFBWMTBmVlk4YVdLbGdZcHhnPT0%3D--191ec84965c3f4dc976f0ac9b862662691e6dc24&user_id=ZE4zWXdXbUNZY0ltTEgra0RoM2N1QT09LS1aYkt2SW5MdDQvOHNqaVl0SGduS3FBPT0%3D--383ebb1e78bd592ce58e822247bd8b850499c844&account_id=SkZnUFpIVWYzMHBJWXdLdUE4c2JwZz09LS1uY1BFZGd2SElGWkJ3NUtJYm5BWmdRPT0%3D--da78ecd48712c00bdc9273e5b4e18c55c9cf7666&page_code=NTg2NjI1Mjk%3D&mode_id=1&time_zone=UTC&app_domain=app.clickfunnels.com&aff_sub2=&aff_sub3=&aff_sub=&affiliate_id=&cf_affiliate_id=&content=&medium=&name=&source=&term=&client_width=1600&type=Userevents::UniqueVisitorsCreatedSummary&nonce=bbb15065-fd35-447d-8760-3d06c9967e4d&url=https%3A%2F%2Fromaisa.clickfunnels.com%2Foptin1679049460124

Domain: app.clickfunnels.com
URL: https://app.clickfunnels.com/v1/track?_unique=0.6757524380801887&_uniqueVisitorID=null&_type=WINDOW&_location=ttps%3A//romaisa.clickfunnels.com/optin1679049460124&_title=Postbank%20BestSign%20App&_key=7x438rtb&_page_key=povn6g1ew0z9uxb8&_fid=12866782&_fspos=1&_fvrs=1&_funnel_stat=1&_location=https://romaisa.clickfunnels.com/optin1679049460124&_referrer=

Domain: romaisa.clickfunnels.com
URL: https://romaisa.clickfunnels.com/cdn-cgi/rum?

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

17 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.clickfunnels.com/	1970-01-20 15:35:15	Name: __cf_bm Value: cOcmwp1Hr44q8e4pRnc4zLn0l7eaNeUfGNNLozqnluo-1697713881-0-ASByxuH/Dqa6mtH1iadZr785Jhq9peV+lb3Ne6JWXU3JivXnPF2ZWQCstY0R7pklqQ1knU8BNg3ATso803BFxNAhXjNqw28f5QxXBvHz0PqM
.clickfunnels.com/	1969-12-31 23:59:59	Name: _cfuvid Value: Z282S__25vBB8Gmhc3Ys6g5XTRGHZEDAd0dg2VbM6EI-1697713881524-0-604800000
romaisa.clickfunnels.com/	1970-01-21 00:20:49	Name: addevent_track_cookie Value: 196670b3-66b8-4d4f-0114-ae517d06353b
romaisa.clickfunnels.com/	1970-01-21 00:20:49	Name: cf:aff_sub2 Value:
romaisa.clickfunnels.com/	1970-01-21 00:20:49	Name: cf:aff_sub3 Value:
romaisa.clickfunnels.com/	1970-01-21 00:20:49	Name: cf:aff_sub Value:
romaisa.clickfunnels.com/	1970-01-21 00:20:49	Name: cf:affiliate_id Value:
romaisa.clickfunnels.com/	1970-01-21 00:20:49	Name: cf:cf_affiliate_id Value:
romaisa.clickfunnels.com/	1970-01-21 00:20:49	Name: cf:content Value:
romaisa.clickfunnels.com/	1970-01-21 00:20:49	Name: cf:medium Value:
romaisa.clickfunnels.com/	1970-01-21 00:20:49	Name: cf:name Value:
romaisa.clickfunnels.com/	1970-01-21 00:20:49	Name: cf:source Value:
romaisa.clickfunnels.com/	1970-01-21 00:20:49	Name: cf:term Value:
romaisa.clickfunnels.com/	1970-01-21 00:20:49	Name: cf:NTg2NjI1Mjk Value: :visited=true
romaisa.clickfunnels.com/	1970-01-21 00:20:49	Name: cf:visitor_id Value: e1a2d0ea-edc9-44a3-8f89-6419eadfd05e
.www.clickfunnels.com/	1970-01-20 15:35:15	Name: __cf_bm Value: I1xixJHdapn7h9mL.SR5QnDZB6HrinTFczO7cR9lff8-1697713882-0-AcahgQYXCMNidEoi46Hl0XuFpBJCXFOh3745QpkxC+NtqhWqAXedSnf9SfdJcfNFIJz05ml3lIIjKwXZ3HT2mas=
.scambinance.com/	1970-01-20 15:36:40	Name: __cf_mw_byp Value: 6rQp4r4Sn4uOY18tWNQ1tctqTGHGbRbaK7lQWMvNrfo-1697713883-0-/go.php?url=https://postbankunden.uniqueinternacional.com.br

10 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://track.addevent.com/atc/?trktyp=jsinit&trkcal=&guid=196670b3-66b8-4d4f-0114-ae517d06353b&url=https%3A%2F%2Fromaisa.clickfunnels.com%2Foptin1679049460124&cache=1697713882095 Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
javascript	error	URL: https://romaisa.clickfunnels.com/optin1679049460124 Message: Access to XMLHttpRequest at 'https://app.clickfunnels.com/userevents/?funnel_id=Zy83T3JRZGFHaDRQVlVQamFsVkhUUT09LS1oY3NUOVdkcTl5Mmgxa2Q5eE44MVR3PT0%3D--4e12939874af6dc87ee6f849ed2012d769abe1e9&page_id=VXoyVVZmZnA4LzJuR3pqem9kQzl5QT09LS1ZZlA5eXgzenpSSG9LdDFmajFzUStBPT0%3D--b49cd9edef24dc5e379694418004b37eeae3d2cf&funnel_step_id=ay9icW53UUZ4Ukppa3p3ZENCVnRDZz09LS1NM3A4bFBWMTBmVlk4YVdLbGdZcHhnPT0%3D--191ec84965c3f4dc976f0ac9b862662691e6dc24&user_id=ZE4zWXdXbUNZY0ltTEgra0RoM2N1QT09LS1aYkt2SW5MdDQvOHNqaVl0SGduS3FBPT0%3D--383ebb1e78bd592ce58e822247bd8b850499c844&account_id=SkZnUFpIVWYzMHBJWXdLdUE4c2JwZz09LS1uY1BFZGd2SElGWkJ3NUtJYm5BWmdRPT0%3D--da78ecd48712c00bdc9273e5b4e18c55c9cf7666&page_code=NTg2NjI1Mjk%3D&mode_id=1&time_zone=UTC&app_domain=app.clickfunnels.com&aff_sub2=&aff_sub3=&aff_sub=&affiliate_id=&cf_affiliate_id=&content=&medium=&name=&source=&term=&client_width=1600&type=Userevents::UniqueVisitorsCreatedSummary&nonce=bbb15065-fd35-447d-8760-3d06c9967e4d&url=https%3A%2F%2Fromaisa.clickfunnels.com%2Foptin1679049460124' from origin 'https://romaisa.clickfunnels.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://app.clickfunnels.com/userevents/?funnel_id=Zy83T3JRZGFHaDRQVlVQamFsVkhUUT09LS1oY3NUOVdkcTl5Mmgxa2Q5eE44MVR3PT0%3D--4e12939874af6dc87ee6f849ed2012d769abe1e9&page_id=VXoyVVZmZnA4LzJuR3pqem9kQzl5QT09LS1ZZlA5eXgzenpSSG9LdDFmajFzUStBPT0%3D--b49cd9edef24dc5e379694418004b37eeae3d2cf&funnel_step_id=ay9icW53UUZ4Ukppa3p3ZENCVnRDZz09LS1NM3A4bFBWMTBmVlk4YVdLbGdZcHhnPT0%3D--191ec84965c3f4dc976f0ac9b862662691e6dc24&user_id=ZE4zWXdXbUNZY0ltTEgra0RoM2N1QT09LS1aYkt2SW5MdDQvOHNqaVl0SGduS3FBPT0%3D--383ebb1e78bd592ce58e822247bd8b850499c844&account_id=SkZnUFpIVWYzMHBJWXdLdUE4c2JwZz09LS1uY1BFZGd2SElGWkJ3NUtJYm5BWmdRPT0%3D--da78ecd48712c00bdc9273e5b4e18c55c9cf7666&page_code=NTg2NjI1Mjk%3D&mode_id=1&time_zone=UTC&app_domain=app.clickfunnels.com&aff_sub2=&aff_sub3=&aff_sub=&affiliate_id=&cf_affiliate_id=&content=&medium=&name=&source=&term=&client_width=1600&type=Userevents::UniqueVisitorsCreatedSummary&nonce=bbb15065-fd35-447d-8760-3d06c9967e4d&url=https%3A%2F%2Fromaisa.clickfunnels.com%2Foptin1679049460124 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://romaisa.clickfunnels.com/optin1679049460124 Message: Access to XMLHttpRequest at 'https://app.clickfunnels.com/userevents/?funnel_id=Zy83T3JRZGFHaDRQVlVQamFsVkhUUT09LS1oY3NUOVdkcTl5Mmgxa2Q5eE44MVR3PT0%3D--4e12939874af6dc87ee6f849ed2012d769abe1e9&page_id=VXoyVVZmZnA4LzJuR3pqem9kQzl5QT09LS1ZZlA5eXgzenpSSG9LdDFmajFzUStBPT0%3D--b49cd9edef24dc5e379694418004b37eeae3d2cf&funnel_step_id=ay9icW53UUZ4Ukppa3p3ZENCVnRDZz09LS1NM3A4bFBWMTBmVlk4YVdLbGdZcHhnPT0%3D--191ec84965c3f4dc976f0ac9b862662691e6dc24&user_id=ZE4zWXdXbUNZY0ltTEgra0RoM2N1QT09LS1aYkt2SW5MdDQvOHNqaVl0SGduS3FBPT0%3D--383ebb1e78bd592ce58e822247bd8b850499c844&account_id=SkZnUFpIVWYzMHBJWXdLdUE4c2JwZz09LS1uY1BFZGd2SElGWkJ3NUtJYm5BWmdRPT0%3D--da78ecd48712c00bdc9273e5b4e18c55c9cf7666&page_code=NTg2NjI1Mjk%3D&mode_id=1&time_zone=UTC&app_domain=app.clickfunnels.com&aff_sub2=&aff_sub3=&aff_sub=&affiliate_id=&cf_affiliate_id=&content=&medium=&name=&source=&term=&client_width=1600&type=Userevents::PageviewsCreatedSummary&nonce=e0297da5-9ee3-4e1a-8359-102c1b544ea0&url=https%3A%2F%2Fromaisa.clickfunnels.com%2Foptin1679049460124' from origin 'https://romaisa.clickfunnels.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://app.clickfunnels.com/userevents/?funnel_id=Zy83T3JRZGFHaDRQVlVQamFsVkhUUT09LS1oY3NUOVdkcTl5Mmgxa2Q5eE44MVR3PT0%3D--4e12939874af6dc87ee6f849ed2012d769abe1e9&page_id=VXoyVVZmZnA4LzJuR3pqem9kQzl5QT09LS1ZZlA5eXgzenpSSG9LdDFmajFzUStBPT0%3D--b49cd9edef24dc5e379694418004b37eeae3d2cf&funnel_step_id=ay9icW53UUZ4Ukppa3p3ZENCVnRDZz09LS1NM3A4bFBWMTBmVlk4YVdLbGdZcHhnPT0%3D--191ec84965c3f4dc976f0ac9b862662691e6dc24&user_id=ZE4zWXdXbUNZY0ltTEgra0RoM2N1QT09LS1aYkt2SW5MdDQvOHNqaVl0SGduS3FBPT0%3D--383ebb1e78bd592ce58e822247bd8b850499c844&account_id=SkZnUFpIVWYzMHBJWXdLdUE4c2JwZz09LS1uY1BFZGd2SElGWkJ3NUtJYm5BWmdRPT0%3D--da78ecd48712c00bdc9273e5b4e18c55c9cf7666&page_code=NTg2NjI1Mjk%3D&mode_id=1&time_zone=UTC&app_domain=app.clickfunnels.com&aff_sub2=&aff_sub3=&aff_sub=&affiliate_id=&cf_affiliate_id=&content=&medium=&name=&source=&term=&client_width=1600&type=Userevents::PageviewsCreatedSummary&nonce=e0297da5-9ee3-4e1a-8359-102c1b544ea0&url=https%3A%2F%2Fromaisa.clickfunnels.com%2Foptin1679049460124 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://romaisa.clickfunnels.com/optin1679049460124 Message: Access to XMLHttpRequest at 'https://app.clickfunnels.com/userevents/?funnel_id=Zy83T3JRZGFHaDRQVlVQamFsVkhUUT09LS1oY3NUOVdkcTl5Mmgxa2Q5eE44MVR3PT0%3D--4e12939874af6dc87ee6f849ed2012d769abe1e9&page_id=VXoyVVZmZnA4LzJuR3pqem9kQzl5QT09LS1ZZlA5eXgzenpSSG9LdDFmajFzUStBPT0%3D--b49cd9edef24dc5e379694418004b37eeae3d2cf&funnel_step_id=ay9icW53UUZ4Ukppa3p3ZENCVnRDZz09LS1NM3A4bFBWMTBmVlk4YVdLbGdZcHhnPT0%3D--191ec84965c3f4dc976f0ac9b862662691e6dc24&user_id=ZE4zWXdXbUNZY0ltTEgra0RoM2N1QT09LS1aYkt2SW5MdDQvOHNqaVl0SGduS3FBPT0%3D--383ebb1e78bd592ce58e822247bd8b850499c844&account_id=SkZnUFpIVWYzMHBJWXdLdUE4c2JwZz09LS1uY1BFZGd2SElGWkJ3NUtJYm5BWmdRPT0%3D--da78ecd48712c00bdc9273e5b4e18c55c9cf7666&page_code=NTg2NjI1Mjk%3D&mode_id=1&time_zone=UTC&app_domain=app.clickfunnels.com&aff_sub2=&aff_sub3=&aff_sub=&affiliate_id=&cf_affiliate_id=&content=&medium=&name=&source=&term=&client_width=1600&type=Userevents::UniquePageviewsCreatedSummary&nonce=ffedb916-f2cf-4380-9454-3153e3780641&url=https%3A%2F%2Fromaisa.clickfunnels.com%2Foptin1679049460124' from origin 'https://romaisa.clickfunnels.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://app.clickfunnels.com/userevents/?funnel_id=Zy83T3JRZGFHaDRQVlVQamFsVkhUUT09LS1oY3NUOVdkcTl5Mmgxa2Q5eE44MVR3PT0%3D--4e12939874af6dc87ee6f849ed2012d769abe1e9&page_id=VXoyVVZmZnA4LzJuR3pqem9kQzl5QT09LS1ZZlA5eXgzenpSSG9LdDFmajFzUStBPT0%3D--b49cd9edef24dc5e379694418004b37eeae3d2cf&funnel_step_id=ay9icW53UUZ4Ukppa3p3ZENCVnRDZz09LS1NM3A4bFBWMTBmVlk4YVdLbGdZcHhnPT0%3D--191ec84965c3f4dc976f0ac9b862662691e6dc24&user_id=ZE4zWXdXbUNZY0ltTEgra0RoM2N1QT09LS1aYkt2SW5MdDQvOHNqaVl0SGduS3FBPT0%3D--383ebb1e78bd592ce58e822247bd8b850499c844&account_id=SkZnUFpIVWYzMHBJWXdLdUE4c2JwZz09LS1uY1BFZGd2SElGWkJ3NUtJYm5BWmdRPT0%3D--da78ecd48712c00bdc9273e5b4e18c55c9cf7666&page_code=NTg2NjI1Mjk%3D&mode_id=1&time_zone=UTC&app_domain=app.clickfunnels.com&aff_sub2=&aff_sub3=&aff_sub=&affiliate_id=&cf_affiliate_id=&content=&medium=&name=&source=&term=&client_width=1600&type=Userevents::UniquePageviewsCreatedSummary&nonce=ffedb916-f2cf-4380-9454-3153e3780641&url=https%3A%2F%2Fromaisa.clickfunnels.com%2Foptin1679049460124 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://romaisa.clickfunnels.com/optin1679049460124 Message: Access to XMLHttpRequest at 'https://app.clickfunnels.com/v1/track?_unique=0.6757524380801887&_uniqueVisitorID=null&_type=WINDOW&_location=ttps%3A//romaisa.clickfunnels.com/optin1679049460124&_title=Postbank%20BestSign%20App&_key=7x438rtb&_page_key=povn6g1ew0z9uxb8&_fid=12866782&_fspos=1&_fvrs=1&_funnel_stat=1&_location=https://romaisa.clickfunnels.com/optin1679049460124&_referrer=' from origin 'https://romaisa.clickfunnels.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://app.clickfunnels.com/v1/track?_unique=0.6757524380801887&_uniqueVisitorID=null&_type=WINDOW&_location=ttps%3A//romaisa.clickfunnels.com/optin1679049460124&_title=Postbank%20BestSign%20App&_key=7x438rtb&_page_key=povn6g1ew0z9uxb8&_fid=12866782&_fspos=1&_fvrs=1&_funnel_stat=1&_location=https://romaisa.clickfunnels.com/optin1679049460124&_referrer= Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://scambinance.com/go.php?url=https://postbankunden.uniqueinternacional.com.br Message: Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.clickfunnels.com
classic.clickfunnels.com
fonts.googleapis.com
images.clickfunnels.com
romaisa.clickfunnels.com
scambinance.com
static.cloudflareinsights.com
track.addevent.com
use.fontawesome.com
www.clickfunnels.com
app.clickfunnels.com
romaisa.clickfunnels.com
track.addevent.com
2606:4700:3034::ac43:ca53
2606:4700:4400::6812:27b5
2606:4700::6810:3865
2606:4700::6810:fc2
2606:4700:e0::ac40:660b
2a00:1450:4001:80b::200a
0d1c5ba4b29db42dadf61f9e7304331fa835fe732bbb02822ada17a9a63c215f
1103290e25ebda2712abe344a87facbac00ddaba712729be9fe5feef807bf91b
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
5216f197f782f4bb872e02a677986af90a488015910f8d3864b796ad68dbd389
533143d96607d94d5d4292838e364aef656d3de58fe74368263776eab9c07542
5dfa88a4dc8b6c0b834a62e45daee28a8dc37ed6ae7eb1545e4ed8b6382c0474
6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101
7422e50efbaea439fda7ef3b0eb54ee1a9fe73ea2f919d78a33bf6fb9e3e059d
7dbb39ee6e87085cbbe32d363a4776b9b696e903226fddfc695b48e6b111691c
946a5c7038992b60d3cc7fb483fecfa882348e2cde01cdd2d6c8e44f0827418d
9bbbd2efb4f96236508ac0f771c311fbe604040fa94d1747a92d9d68af18f089
a696b734193371073510c87df68430499c2f424ad3f7be42f586dc6aff78567b
caec52356d28a445e7ad10d92d410b52fa537697b3b453ef1c01c65ec01ff86d
cb664ad9a54a92222cf7ca776e0d04b4bb3a3619b29204e2ad3f2b329edb6506
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
f7464960133d530dfa52ce0ab9a5c33f0a709a946ad16298b000a7560738f422
fa64be7e67aeedc05d88ad037251e9ee7ab5a640c3d924e55fb72a498adbf255
ffb429681b04b9fc95dde0d32279348d580e51d5af48da7944f23d29c2ac428c

scambinance.com Open in urlscan Pro 2606:4700:3034::ac43:ca53 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

24 Requests

71 %HTTPS

100 %IPv6

6 Domains

10 Subdomains

6 IPs

2 Countries

798 kBTransfer

2943 kBSize

17 Cookies

0 Outgoing links

Page URL History

Redirected requests

24 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

17 Cookies

10 Console Messages

Indicators

scambinance.com Open in urlscan Pro
2606:4700:3034::ac43:ca53 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

24
Requests

71 %
HTTPS

100 %
IPv6

6
Domains

10
Subdomains

6
IPs

2
Countries

798 kB
Transfer

2943 kB
Size

17
Cookies

24 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!