www.onclickclear.com
Open in
urlscan Pro
35.201.122.94
Public Scan
Effective URL: https://www.onclickclear.com/jump/next.php?r=1806311&pub_clickid=3887196660984426479123882155&sub1=35eb5ac9f85367d586cd56f96b...
Submission: On January 06 via api from US — Scanned from DE
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on November 1st 2021. Valid for: a year.
This is the only time www.onclickclear.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 4 | 64.190.62.111 64.190.62.111 | 47846 (SEDO-AS) (SEDO-AS) | |
1 | 205.234.175.175 205.234.175.175 | 30081 (CACHENETW...) (CACHENETWORKS) | |
1 1 | 173.239.53.32 173.239.53.32 | 36057 (WEBAIR-IN...) (WEBAIR-INTERNET-MTL) | |
2 | 3.33.239.202 3.33.239.202 | 16509 (AMAZON-02) (AMAZON-02) | |
2 | 35.201.122.94 35.201.122.94 | 15169 (GOOGLE) (GOOGLE) | |
7 | 4 |
ASN30081 (CACHENETWORKS, US)
PTR: vip1.G-anycast1.cachefly.net
img.sedoparking.com |
ASN16509 (AMAZON-02, US)
PTR: a4e2909a0d7f91ad3.awsglobalaccelerator.com
fadverdirect.com |
ASN15169 (GOOGLE, US)
PTR: 94.122.201.35.bc.googleusercontent.com
www.onclickclear.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
4 |
cpitalone.top
2 redirects
cpitalone.top |
3 KB |
2 |
onclickclear.com
www.onclickclear.com — Cisco Umbrella Rank: 726694 |
3 KB |
2 |
fadverdirect.com
fadverdirect.com — Cisco Umbrella Rank: 87366 |
26 KB |
1 |
sedodna.com
1 redirects
xml.sedodna.com — Cisco Umbrella Rank: 282671 |
642 B |
1 |
sedoparking.com
img.sedoparking.com — Cisco Umbrella Rank: 51146 |
5 KB |
7 | 5 |
Domain | Requested by | |
---|---|---|
4 | cpitalone.top |
2 redirects
cpitalone.top
|
2 | www.onclickclear.com |
www.onclickclear.com
|
2 | fadverdirect.com |
cpitalone.top
|
1 | xml.sedodna.com | 1 redirects |
1 | img.sedoparking.com |
cpitalone.top
|
7 | 5 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
fadverdirect.com Sectigo RSA Domain Validation Secure Server CA |
2021-05-04 - 2022-06-03 |
a year | crt.sh |
onclickclear.com Sectigo RSA Domain Validation Secure Server CA |
2021-11-01 - 2022-11-01 |
a year | crt.sh |
This page contains 1 frames:
Frame:
https://www.onclickclear.com/jump/next.php?stamat=m%257CFSYiP-d2aQdHQAH0dEdHP3xP.600%252C7H0PozvLiGV-YkDx825CHnA5Nr8NMekTU9IOiheCeh4qLYKHwgQrf-9PMx2lc6YjKg_pwtjLuXCW8IGNS2wnYHRwu7QfPlpbNlD3_WIC50MXmkDkexKno6rnxlFiGt5_JzzSMdl4a2l-RP4KrGI5-pwGbMEOsxSgKIRuJagZ8dI%252C&cbur=0.1377182604756606&cbtitle=&cbiframe=0&cbWidth=1600&cbHeight=1200&cbdescription=&cbkeywords=&cbref=https%3A%2F%2Ffadverdirect.com%2F
Frame ID: 9866E5B0992ADE65540273A77CE518EC
Requests: 7 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- http://cpitalone.top/ Page URL
-
http://cpitalone.top/search/redirect.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DIkoSFjwC3Kk...
HTTP 302
http://cpitalone.top/search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DIkoSFjwC3Kk... HTTP 302
http://xml.sedodna.com/click?i=IkoSFjwC3Kk_0 HTTP 302
https://fadverdirect.com/bdv_rd.dbm?ownid=klg.vmlozgrkx&enparms2=9173%2C2066843%2C3350535%2C9124%2C91... Page URL
- https://fadverdirect.com/bdv_rd3.dbm?frdto=674235 Page URL
- https://www.onclickclear.com/jump/next.php?r=1806311&pub_clickid=3887196660984426479123882155&sub1=35eb5a... Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://cpitalone.top/ Page URL
-
http://cpitalone.top/search/redirect.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DIkoSFjwC3Kk_0&v=YmMyMTRlNjY1NGE1Mzk3ZjBmZWU0MTgyZThmMDcwZjcJMQljcGl0YWxvbmUudG9wNjFkNjZkNWFjN2FmZjguNTg5NDY1MDcJY3BpdGFsb25lLnRvcDYxZDY2ZDVhYzdiMmQyLjk2NDA4MDU0CTE2NDE0NDI2NTIJYWRfNjNfMA==&l=OAk0MDFmYzc3OTI2MDU5MzAxYWI4OGM2ZTdhNjg1YjgxMAkwCTQwCTAJNDBhMjBjMWI5OTFkYzBlNWM0NTJhMWIxZDk2OWJhZDMJMzg1NjgzOTM1CWNwaXRhbG9uZQkwCTYzCTMyCTM3CTE2NDE0NDI2NTIJMC4wMDA5MDkJTgkwCTEJMTgwNQkxMjA1CTM3MzI3MDI1Nwk5MS4yMzguODIuMTU1CTA%3D
HTTP 302
http://cpitalone.top/search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DIkoSFjwC3Kk_0&v=YmMyMTRlNjY1NGE1Mzk3ZjBmZWU0MTgyZThmMDcwZjcJMQljcGl0YWxvbmUudG9wNjFkNjZkNWFjN2FmZjguNTg5NDY1MDcJY3BpdGFsb25lLnRvcDYxZDY2ZDVhYzdiMmQyLjk2NDA4MDU0CTE2NDE0NDI2NTIJYWRfNjNfMA==&l=OAk0MDFmYzc3OTI2MDU5MzAxYWI4OGM2ZTdhNjg1YjgxMAkwCTQwCTAJNDBhMjBjMWI5OTFkYzBlNWM0NTJhMWIxZDk2OWJhZDMJMzg1NjgzOTM1CWNwaXRhbG9uZQkwCTYzCTMyCTM3CTE2NDE0NDI2NTIJMC4wMDA5MDkJTgkwCTEJMTgwNQkxMjA1CTM3MzI3MDI1Nwk5MS4yMzguODIuMTU1CTA%3D HTTP 302
http://xml.sedodna.com/click?i=IkoSFjwC3Kk_0 HTTP 302
https://fadverdirect.com/bdv_rd.dbm?ownid=klg.vmlozgrkx&enparms2=9173%2C2066843%2C3350535%2C9124%2C9125%2C11423%2C9174%2C0%2C0%2C9128%2C0%2C2064454%2C674235%2C50854%2C115423453719%2C206235750%2Cklg.vmlozgrkx&u_agnt=a2fdad25d911a8a4b39828759d282361&skter=tmrkklsh%20vml%20ozgrkzx%2Cmrtlo%20vml%20ozgrkzx%2Cpmzy%20vml%20ozgrkzx%2C063%20vml%20ozgrkzx%2Cvmlozgrkzx%2Cvml%20ozgrkzx%2Cvmlozgrkx&czero=-1&cstate=mvhhvs&skwdb=MLI&ccntry=VW&cctid=384&chsh=35eb5ac9f85367d586cd56f96b42f2e3&rn=303024244189&cf=24&frdto=674235 Page URL
- https://fadverdirect.com/bdv_rd3.dbm?frdto=674235 Page URL
- https://www.onclickclear.com/jump/next.php?r=1806311&pub_clickid=3887196660984426479123882155&sub1=35eb5ac9f85367d586cd56f96b42f2e3 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 3- http://cpitalone.top/search/redirect.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DIkoSFjwC3Kk_0&v=YmMyMTRlNjY1NGE1Mzk3ZjBmZWU0MTgyZThmMDcwZjcJMQljcGl0YWxvbmUudG9wNjFkNjZkNWFjN2FmZjguNTg5NDY1MDcJY3BpdGFsb25lLnRvcDYxZDY2ZDVhYzdiMmQyLjk2NDA4MDU0CTE2NDE0NDI2NTIJYWRfNjNfMA==&l=OAk0MDFmYzc3OTI2MDU5MzAxYWI4OGM2ZTdhNjg1YjgxMAkwCTQwCTAJNDBhMjBjMWI5OTFkYzBlNWM0NTJhMWIxZDk2OWJhZDMJMzg1NjgzOTM1CWNwaXRhbG9uZQkwCTYzCTMyCTM3CTE2NDE0NDI2NTIJMC4wMDA5MDkJTgkwCTEJMTgwNQkxMjA1CTM3MzI3MDI1Nwk5MS4yMzguODIuMTU1CTA%3D HTTP 302
- http://cpitalone.top/search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DIkoSFjwC3Kk_0&v=YmMyMTRlNjY1NGE1Mzk3ZjBmZWU0MTgyZThmMDcwZjcJMQljcGl0YWxvbmUudG9wNjFkNjZkNWFjN2FmZjguNTg5NDY1MDcJY3BpdGFsb25lLnRvcDYxZDY2ZDVhYzdiMmQyLjk2NDA4MDU0CTE2NDE0NDI2NTIJYWRfNjNfMA==&l=OAk0MDFmYzc3OTI2MDU5MzAxYWI4OGM2ZTdhNjg1YjgxMAkwCTQwCTAJNDBhMjBjMWI5OTFkYzBlNWM0NTJhMWIxZDk2OWJhZDMJMzg1NjgzOTM1CWNwaXRhbG9uZQkwCTYzCTMyCTM3CTE2NDE0NDI2NTIJMC4wMDA5MDkJTgkwCTEJMTgwNQkxMjA1CTM3MzI3MDI1Nwk5MS4yMzguODIuMTU1CTA%3D HTTP 302
- http://xml.sedodna.com/click?i=IkoSFjwC3Kk_0 HTTP 302
- https://fadverdirect.com/bdv_rd.dbm?ownid=klg.vmlozgrkx&enparms2=9173%2C2066843%2C3350535%2C9124%2C9125%2C11423%2C9174%2C0%2C0%2C9128%2C0%2C2064454%2C674235%2C50854%2C115423453719%2C206235750%2Cklg.vmlozgrkx&u_agnt=a2fdad25d911a8a4b39828759d282361&skter=tmrkklsh%20vml%20ozgrkzx%2Cmrtlo%20vml%20ozgrkzx%2Cpmzy%20vml%20ozgrkzx%2C063%20vml%20ozgrkzx%2Cvmlozgrkzx%2Cvml%20ozgrkzx%2Cvmlozgrkx&czero=-1&cstate=mvhhvs&skwdb=MLI&ccntry=VW&cctid=384&chsh=35eb5ac9f85367d586cd56f96b42f2e3&rn=303024244189&cf=24&frdto=674235
7 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
/
cpitalone.top/ |
2 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
js_preloader.gif
img.sedoparking.com/images/ |
4 KB 5 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
tsc.php
cpitalone.top/search/ |
0 175 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bdv_rd.dbm
fadverdirect.com/ Redirect Chain
|
24 KB 25 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
bdv_rd3.dbm
fadverdirect.com/ |
878 B 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
next.php
www.onclickclear.com/jump/ |
7 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
next.php
www.onclickclear.com/jump/ |
0 0 |
Document
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| inIframe function| checkDocumentBody function| documentAsyncWriteElementFromHtml function| ReopenUrlBuilder object| browser function| isFraud function| preppopedRedirect2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
fadverdirect.com/ | Name: CF1604fd084b8a0bdcfb32308e28ef9dc4 Value: 1641442647000 |
|
fadverdirect.com/ | Name: C1604fd084b8a0bdcfb32308e28ef9dc4_js Value: 1641529053298 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cpitalone.top
fadverdirect.com
img.sedoparking.com
www.onclickclear.com
xml.sedodna.com
173.239.53.32
205.234.175.175
3.33.239.202
35.201.122.94
64.190.62.111
5326e5747b13f56f9d9afa6655a5589809b0cf9eb375b5fefa1ae94357a809c0
5f6ad7031600056b578a6e8c6b34bc718d13125cc8256aa4a9050e549576f81a
abdefa65a894479f51849e91534e2904c492c75cb4cc1e016e4f2b54bd41a3bf
b56c201148ceea48d5482e803e8086c73f70287db5fb8f040bf4f3a272a9c2d6
f58fbec523ef6fead36357a428940734a266229e11245a4d282e0b5fc169fadf