ThreatFox IOC Database
You are viewing the ThreatFox database entry for domain clicky.com.
Database Entry
| IOC ID: | 1837068 |
|---|---|
| IOC: | clicky.com |
| IOC Type : | domain |
| Threat Type : | payload_delivery |
| Malware: | Unknown malware |
| Confidence Level : | Confidence level is high (100%) |
| Is compromised? : | False |
| ASN: | AS13335 CLOUDFLARENET |
| Country: |  US |
| First seen: | 2026-06-25 03:13:24 UTC |
| Last seen: | never |
| UUID: | 13a75826-6ffb-11f1-97fa-42010aa4000a |
| Reporter | Anonymous |
| Reward | 5 credits from ThreatFox |
| Tags: | gray script tracker unmalicious |
Anonymous
Here's the full privacy report/message for Clicky:Domain: clicky.com
Tracking Script: https://static.getclicky.com/js
Report:
Clicky (getclicky.com) is a third-party web analytics and tracking service that deploys persistent JavaScript tracking scripts across thousands of third-party websites. The service collects and processes extensive user data without adequate informed consent mechanisms, violating user privacy at scale.
Data collected without explicit consent includes:
Full session recording — every click, scroll, mouse movement, and interaction recorded in real time
Individual user tracking — tracks unique visitors individually rather than anonymized aggregates
IP address logging — captures and stores raw IP addresses linked to behavior profiles
Browser fingerprinting — collects user agent, screen resolution, browser plugins, timezone, language and other fingerprint vectors
Referrer tracking — logs full referrer URLs revealing browsing history context
Geolocation data — derives precise location from IP without consent
On-site behavior profiling — builds detailed profiles of individual user behavior patterns
Cross-session persistence — tracks returning visitors across multiple sessions via cookies and local storage
Real-time surveillance — live visitor monitoring dashboard exposes individual user activity in real time to site operators
Heatmap data collection — records interaction patterns across page elements
Goal and conversion tracking — monitors and records specific user actions and conversions
Privacy violations:
No standardized consent banner or opt-out mechanism enforced at script level
Data collected before any consent is given upon page load
No user-facing transparency about data collection scope
Individual-level tracking rather than privacy-preserving aggregation
Raw IP storage violates GDPR Article 4 definition of personal data
No data minimization — collects far beyond what is necessary
Third party script executes automatically with no user awareness
Session recordings capture sensitive form interactions and personal data entry
No clear data retention limits disclosed
Opt-out mechanism buried and non-standardized across deployments
Applicable regulations violated:
GDPR Articles 5, 6, 7, 13 — lawful basis, consent, transparency
ePrivacy Directive — cookie and tracking consent
CCPA — California consumer privacy rights
PECR — UK privacy regulations