urlscan.io logo urlscan.io
SecurityTrails logo

www.onclickclear.com Open in urlscan Pro
35.201.122.94  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://futureinsurance.ca/pcrY8//5b25671f4229c2abb9bb219f5725c316/fcb/en/?i=3540623&i=3540623
Effective URL: http://www.onclickclear.com/jump/next.php?r=306951&sub1=961318
Submission: On July 19 via automatic, source phishtank
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 5 HTTP transactions. The main IP is 35.201.122.94, located in Ann Arbor, United States and belongs to GOOGLE - Google LLC, US. The main domain is www.onclickclear.com.
This is the only time www.onclickclear.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 107.180.41.48 26496 (AS-26496-...)
1 2400:cb00:204... 13335 (CLOUDFLAR...)
1 1 185.66.200.164 201702 (SKHOSTING-EU)
1 185.66.200.163 201702 (SKHOSTING-EU)
2 35.201.122.94 15169 (GOOGLE)
5 4
1    107.180.41.48 (Scottsdale, United States)

ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US)
PTR: ip-107-180-41-48.ip.secureserver.net
futureinsurance.ca
1    2400:cb00:2048:1::6818:692c (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
naban.xyz
1    185.66.200.164 (Slovakia)

ASN201702 (SKHOSTING-EU, SK)
PTR: 185.66.200.164.skhosting.eu
ylx-4.com
1    185.66.200.163 (Slovakia)

ASN201702 (SKHOSTING-EU, SK)
PTR: 185.66.200.163.skhosting.eu
redir.ylx-4.com
2    35.201.122.94 (Ann Arbor, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: 94.122.201.35.bc.googleusercontent.com
www.onclickclear.com
Domain Requested by
2 www.onclickclear.com redir.ylx-4.com
www.onclickclear.com
1 redir.ylx-4.com
1 ylx-4.com 1 redirects
1 naban.xyz futureinsurance.ca
1 futureinsurance.ca
5 5

This site contains no links.

Subject Issuer Validity Valid

This page contains 2 frames:

Frame: http://www.onclickclear.com/jump/next.php?stamat=m%7C%2CQ4iL6YiKqB1dAN0dEdHP3xP.c52%2ChZSynT8Hp32tF5HsvLyywrm6EsnF4NBxFr1TmHJizjDgOB2ELOI8AzjOcK7fJ61NfAwqNEym5OFEzgD1hvB5Rw2y5v2-jvjw8clwBUQNZiw%2C&cbrandom=0.631828012523258&cbtitle=&cbiframe=0&cbWidth=1600&cbHeight=1200&cbdescription=&cbkeywords=&cbref=http%3A%2F%2Fredir.ylx-4.com%2F%3Fhttp%3A%2F%2Fwww.onclickclear.com%2Fjump%2Fnext.php%3Fr%3D306951%26sub1%3D961318
Frame ID: 45142950E7CBB88AE840499AD2729FD7
Requests: 4 HTTP requests in this frame

Frame: http://naban.xyz///5b25671f4229c2abb9bb219f5725c316/fcb/en/?i=3540623&i=3540623
Frame ID: E6C76E87FD04103E1297AFAD64DF09A2
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://futureinsurance.ca/pcrY8//5b25671f4229c2abb9bb219f5725c316/fcb/en/?i=3540623&i=3540623 Page URL
  2. http://ylx-4.com/fullpage.php?section=Redirected_Desktop_Traffic&pub=961318&ga=g HTTP 302
    http://redir.ylx-4.com/?http://www.onclickclear.com/jump/next.php?r=306951&sub1=961318 Page URL
  3. http://www.onclickclear.com/jump/next.php?r=306951&sub1=961318 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Page Statistics

5
Requests

0 %
HTTPS

20 %
IPv6

4
Domains

5
Subdomains

4
IPs

2
Countries

3 kB
Transfer

6 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://futureinsurance.ca/pcrY8//5b25671f4229c2abb9bb219f5725c316/fcb/en/?i=3540623&i=3540623 Page URL
  2. http://ylx-4.com/fullpage.php?section=Redirected_Desktop_Traffic&pub=961318&ga=g HTTP 302
    http://redir.ylx-4.com/?http://www.onclickclear.com/jump/next.php?r=306951&sub1=961318 Page URL
  3. http://www.onclickclear.com/jump/next.php?r=306951&sub1=961318 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2
  • http://ylx-4.com/fullpage.php?section=Redirected_Desktop_Traffic&pub=961318&ga=g HTTP 302
  • http://redir.ylx-4.com/?http://www.onclickclear.com/jump/next.php?r=306951&sub1=961318

5 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
futureinsurance.ca/pcrY8//5b25671f4229c2abb9bb219f5725c316/fcb/en/ 		881 B
666 B 		Document
General
Check archive.org
Download Go to
Full URL
http://futureinsurance.ca/pcrY8//5b25671f4229c2abb9bb219f5725c316/fcb/en/?i=3540623&i=3540623
Protocol
HTTP/1.1
Server
107.180.41.48 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US),
Reverse DNS
ip-107-180-41-48.ip.secureserver.net
Software
Apache / PHP/5.4.45
Resource Hash
a618ac335e09fc0a3717d4e4b9f23ece6993770c0ee60f363d3030d12c06cfb9

Request headers

Host
futureinsurance.ca
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
45142950E7CBB88AE840499AD2729FD7

Response headers

Date
Thu, 19 Jul 2018 03:42:22 GMT
Server
Apache
X-Powered-By
PHP/5.4.45
Vary
Accept-Encoding,User-Agent
Content-Encoding
gzip
Content-Length
417
Keep-Alive
timeout=5
Connection
Keep-Alive
Content-Type
text/html
Cookie set /
naban.xyz///5b25671f4229c2abb9bb219f5725c316/fcb/en/ Frame E6C7 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
http://naban.xyz///5b25671f4229c2abb9bb219f5725c316/fcb/en/?i=3540623&i=3540623
Requested by
Host: futureinsurance.ca
URL: http://futureinsurance.ca/pcrY8//5b25671f4229c2abb9bb219f5725c316/fcb/en/?i=3540623&i=3540623
Protocol
HTTP/1.1
Server
2400:cb00:2048:1::6818:692c , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / PHP/5.6.36
Resource Hash

Request headers

Host
naban.xyz
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
http://futureinsurance.ca/pcrY8//5b25671f4229c2abb9bb219f5725c316/fcb/en/?i=3540623&i=3540623
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
45142950E7CBB88AE840499AD2729FD7
Referer
http://futureinsurance.ca/pcrY8//5b25671f4229c2abb9bb219f5725c316/fcb/en/?i=3540623&i=3540623

Response headers

Date
Thu, 19 Jul 2018 03:42:23 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Set-Cookie
__cfduid=d30df72bee5d113dbb994bc83d65b4e5f1531971743; expires=Fri, 19-Jul-19 03:42:23 GMT; path=/; domain=.naban.xyz; HttpOnly
X-Powered-By
PHP/5.6.36
Server
cloudflare
CF-RAY
43ca2d81f5fb64ab-FRA
Content-Encoding
gzip
/
redir.ylx-4.com/
Redirect Chain
  • http://ylx-4.com/fullpage.php?section=Redirected_Desktop_Traffic&pub=961318&ga=g
  • http://redir.ylx-4.com/?http://www.onclickclear.com/jump/next.php?r=306951&sub1=961318
382 B
450 B 		Document
General
Check archive.org
Download Go to
Full URL
http://redir.ylx-4.com/?http://www.onclickclear.com/jump/next.php?r=306951&sub1=961318
Protocol
HTTP/1.1
Server
185.66.200.163 , Slovakia, ASN201702 (SKHOSTING-EU, SK),
Reverse DNS
185.66.200.163.skhosting.eu
Software
nginx /
Resource Hash

Request headers

Host
redir.ylx-4.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
http://naban.xyz/pubs.php
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
45142950E7CBB88AE840499AD2729FD7
Referer
http://naban.xyz/pubs.php

Response headers

Server
nginx
Date
Thu, 19 Jul 2018 03:42:23 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
close
Content-Encoding
gzip

Redirect headers

Server
nginx
Date
Thu, 19 Jul 2018 03:42:23 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
close
Expires
Sun, 01 Jan 1900 00:00:00 GMT
Cache-Control
no-store, no-cache, must-revalidate post-check=0, pre-check=0
Pragma
no-cache
X-Robots-Tag
noindex,nofollow
Location
http://redir.ylx-4.com/?http://www.onclickclear.com/jump/next.php?r=306951&sub1=961318
Primary Request next.php
www.onclickclear.com/jump/ 		5 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://www.onclickclear.com/jump/next.php?r=306951&sub1=961318
Requested by
Host: redir.ylx-4.com
URL: http://redir.ylx-4.com/?http://www.onclickclear.com/jump/next.php?r=306951&sub1=961318
Protocol
HTTP/1.1
Server
35.201.122.94 Ann Arbor, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
94.122.201.35.bc.googleusercontent.com
Software
openresty /
Resource Hash
8ace0e883b264c8861f848771e34682b7e56c02bcb4d1ac4d060599e47ac5feb

Request headers

Host
www.onclickclear.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
http://redir.ylx-4.com/?http://www.onclickclear.com/jump/next.php?r=306951&sub1=961318
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
45142950E7CBB88AE840499AD2729FD7
Referer
http://redir.ylx-4.com/?http://www.onclickclear.com/jump/next.php?r=306951&sub1=961318

Response headers

Server
openresty
Date
Thu, 19 Jul 2018 03:42:24 GMT
Content-Type
text/html; charset=utf-8
Transfer-Encoding
chunked
Vary
Accept-Encoding
Referrer-Policy
no-referrer
Link
<//www.onclickclear.com>; rel=dns-prefetch,<//www.onclickclear.com>; rel=preconnect
Content-Encoding
gzip
Via
1.1 google
next.php
www.onclickclear.com/jump/ 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
http://www.onclickclear.com/jump/next.php?stamat=m%7C%2CQ4iL6YiKqB1dAN0dEdHP3xP.c52%2ChZSynT8Hp32tF5HsvLyywrm6EsnF4NBxFr1TmHJizjDgOB2ELOI8AzjOcK7fJ61NfAwqNEym5OFEzgD1hvB5Rw2y5v2-jvjw8clwBUQNZiw%2C&cbrandom=0.631828012523258&cbtitle=&cbiframe=0&cbWidth=1600&cbHeight=1200&cbdescription=&cbkeywords=&cbref=http%3A%2F%2Fredir.ylx-4.com%2F%3Fhttp%3A%2F%2Fwww.onclickclear.com%2Fjump%2Fnext.php%3Fr%3D306951%26sub1%3D961318
Requested by
Host: www.onclickclear.com
URL: http://www.onclickclear.com/jump/next.php?r=306951&sub1=961318
Protocol
HTTP/1.1
Server
35.201.122.94 Ann Arbor, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
94.122.201.35.bc.googleusercontent.com
Software
openresty /
Resource Hash

Request headers

Host
www.onclickclear.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
45142950E7CBB88AE840499AD2729FD7

Response headers

Server
openresty
Date
Thu, 19 Jul 2018 03:42:24 GMT
Referrer-Policy
no-referrer
Vary
Accept-Encoding
Via
1.1 google

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| inIframe function| checkDocumentBody function| documentAsyncWriteElementFromHtml undefined| ufp function| ReopenUrlBuilder function| preppopedRedirect

1 Cookies

Domain/Path Name / Value
.naban.xyz/ Name: __cfduid
Value: d30df72bee5d113dbb994bc83d65b4e5f1531971743

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

futureinsurance.ca
naban.xyz
redir.ylx-4.com
www.onclickclear.com
ylx-4.com
107.180.41.48
185.66.200.163
185.66.200.164
2400:cb00:2048:1::6818:692c
35.201.122.94
8ace0e883b264c8861f848771e34682b7e56c02bcb4d1ac4d060599e47ac5feb
a618ac335e09fc0a3717d4e4b9f23ece6993770c0ee60f363d3030d12c06cfb9