urlscan.io logo urlscan.io
SecurityTrails logo

clicktocr.info Open in urlscan Pro
185.254.198.31  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://pxisghql.www.maypertamina.subsiditepat.id/
Effective URL: https://clicktocr.info/androidavLev_ROL/index.php?click_id=b72fexi2ta2a16o168&lpkey=174748043228284a83&uclick=xi2ta2a16...
Submission: On May 27 via api from US — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 2 countries across 7 domains to perform 10 HTTP transactions. The main IP is 185.254.198.31, located in New York, United States and belongs to YURTEH-AS Virtual Systems LLC, UA. The main domain is clicktocr.info.
TLS certificate: Issued by E6 on April 13th 2025. Valid for: 3 months.
This is the only time clicktocr.info was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 172.233.219.123 63949 (AKAMAI-LI...)
1 2600:3c06::f0... 63949 (AKAMAI-LI...)
1 1 157.90.33.78 24940 (HETZNER-A...)
1 1 116.202.12.61 24940 (HETZNER-A...)
3 185.254.198.31 30860 (YURTEH-AS...)
1 157.90.33.72 24940 (HETZNER-A...)
10 5
1    172.233.219.123 (Chicago, United States)

ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
PTR: viridian02.parklogic.com
pxisghql.www.maypertamina.subsiditepat.id
1    2600:3c06::f03c:95ff:fedc:7282 (Chicago, United States)

ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
router.parklogic.com
1    157.90.33.78 (Ismaning, Germany)

ASN24940 (HETZNER-AS Hetzner Online GmbH, DE)
PTR: psh5.1push.io
upuplets.com
1    116.202.12.61 (Nuremberg, Germany)

ASN24940 (HETZNER-AS Hetzner Online GmbH, DE)
PTR: binom.cloud
roiprofit100.info
3    185.254.198.31 (New York, United States)

ASN30860 (YURTEH-AS Virtual Systems LLC, UA)
PTR: mail.fiberiatrade.com
clicktocr.info
1    157.90.33.72 (Ismaning, Germany)

ASN24940 (HETZNER-AS Hetzner Online GmbH, DE)
PTR: sub2.1push.io
push-sdk.com
Apex Domain
Subdomains		 Transfer
3 clicktocr.info
clicktocr.info
22 KB
1 push-sdk.com
push-sdk.com — Cisco Umbrella Rank: 47880
15 KB
1 roiprofit100.info
roiprofit100.info
461 B
1 upuplets.com
upuplets.com — Cisco Umbrella Rank: 73118
445 B
1 parklogic.com
router.parklogic.com — Cisco Umbrella Rank: 127805
864 B
1 subsiditepat.id
pxisghql.www.maypertamina.subsiditepat.id
3 KB
0 uidsync.net Failed
uidsync.net Failed
10 7
Domain Requested by
3 clicktocr.info pxisghql.www.maypertamina.subsiditepat.id
clicktocr.info
1 push-sdk.com clicktocr.info
push-sdk.com
1 roiprofit100.info 1 redirects
1 upuplets.com 1 redirects
1 router.parklogic.com pxisghql.www.maypertamina.subsiditepat.id
1 pxisghql.www.maypertamina.subsiditepat.id
0 uidsync.net Failed push-sdk.com
10 7

This site contains links to these domains. Also see Links.

Domain
roiprofit100.info
Subject Issuer Validity Valid
pxisghql.www.maypertamina.subsiditepat.id
R10		 2025-05-27 -
2025-08-25		 3 months crt.sh
router-lb01.parklogic.com
E5		 2025-04-29 -
2025-07-28		 3 months crt.sh
clicktocr.info
E6		 2025-04-13 -
2025-07-12		 3 months crt.sh
push-sdk.com
R11		 2025-04-06 -
2025-07-05		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://clicktocr.info/androidavLev_ROL/index.php?click_id=b72fexi2ta2a16o168&lpkey=174748043228284a83&uclick=xi2ta2a16o&uclickhash=xi2ta2a16o-xi2ta2a16o-2tdudz-0-fnxodz-dvzwi4-dvdv3y-f360d6
Frame ID: CC83157BD69A94C1DE8DF09A50206E7A
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Your Phone Has Been Compromised

Page URL History Show full URLs

  1. http://pxisghql.www.maypertamina.subsiditepat.id/ HTTP 307
    https://pxisghql.www.maypertamina.subsiditepat.id/ Page URL
  2. https://upuplets.com/r/66-LHGZvxt9XmEmmzU6TAQkbGqQzRgJAnxtfg_nATkFFESOKGVL4Jn9wkl7r6lzzZhBe7dJiEr... HTTP 302
    https://roiprofit100.info/click.php?key=eujllqqb46mgklxmjwln&clickid=GJICOJ7BAWiszj9wgbHJAegBq79fgAL8s... HTTP 302
    https://clicktocr.info/androidavLev_ROL/index.php?click_id=b72fexi2ta2a16o168&lpkey=174748043228284... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Page Statistics

10
Requests

60 %
HTTPS

17 %
IPv6

7
Domains

7
Subdomains

5
IPs

2
Countries

41 kB
Transfer

102 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://pxisghql.www.maypertamina.subsiditepat.id/ HTTP 307
    https://pxisghql.www.maypertamina.subsiditepat.id/ Page URL
  2. https://upuplets.com/r/66-LHGZvxt9XmEmmzU6TAQkbGqQzRgJAnxtfg_nATkFFESOKGVL4Jn9wkl7r6lzzZhBe7dJiErICxVhRUAGs63rSbmPFvaClDgNJ70t5hSgHPTrYIHRwlP5_3L48FjaKOh2HtnCzUUD43XTlhGrEBgxn73YnuMEZeP1jp5SvtesIcP5d86FDuaNzVzzfItX4pG7sfKg2Oi9ISenJ2RVffUv7qz8YSN8dnCMPIfq9kE7oQfXuUzCQBIixi6WZj8mhYvwnmQJqUdTGF95SWjq-nXJySIfL-AI5922zXeMmSiiNPRGY0BV9HWhiyUXGk_VY-K1SqHUF_k7erhI0q7gluQH-x65EUvr_8EegsMAiiisKxdSFrJWTh_JiNTb7SFo4R8OHLiXj8hVQCIhSW0whRhI9rxYEQwAYtkUgY33aDQho6y5CmqgNKgUBwZshhD5ZzXv45eaMXu5-FzmIV3HIiUMqmJvTSZf8UAW71foyJo9OA4QcpDwbZ7AvatXXMz_Sd7AUw5B-mc4Cj9hZI5wKVsDupxUty2WeggMi0YkNzJxSMbd7gybVJ9Jicf8UD8cyNpWrBUeai_zbsLV2kk9GGpFeg-C41-OnjXFA70hrADneNTQlINWizpSDpgMVkTEBeCXS-RjOqRlG4vzIl0IRHMvZuU2JvvQeTR2rKUjgEmLNv4WvXiFcopZZrJF4fghBjj9TvL7xGcUoLX3jd-3fs93aJkrb80SxsDh5_HMmq9ZBay90 HTTP 302
    https://roiprofit100.info/click.php?key=eujllqqb46mgklxmjwln&clickid=GJICOJ7BAWiszj9wgbHJAegBq79fgAL8scDH0vXM0AI&cost=0.0170&zoneId=1564587&ageGroup=UNKNOWN&campaignId=1042220&browser=Chrome&feedId=274&os=android&creativeid=3299457&carrier=Verizon+Internet+Services&proxy=0 HTTP 302
    https://clicktocr.info/androidavLev_ROL/index.php?click_id=b72fexi2ta2a16o168&lpkey=174748043228284a83&uclick=xi2ta2a16o&uclickhash=xi2ta2a16o-xi2ta2a16o-2tdudz-0-fnxodz-dvzwi4-dvdv3y-f360d6 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://pxisghql.www.maypertamina.subsiditepat.id/ HTTP 307
  • https://pxisghql.www.maypertamina.subsiditepat.id/

10 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
pxisghql.www.maypertamina.subsiditepat.id/
Redirect Chain
  • http://pxisghql.www.maypertamina.subsiditepat.id/
  • https://pxisghql.www.maypertamina.subsiditepat.id/
4 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://pxisghql.www.maypertamina.subsiditepat.id/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.233.219.123 Chicago, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS
viridian02.parklogic.com
Software
/
Resource Hash
e047c256d0c492c48a717c72bc7275ce467ff51a0b2050f5fc3d949ac6bbb799

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36

Response headers

accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cache-control
no-store, max-age=0
content-encoding
gzip
content-type
text/html
date
Tue, 27 May 2025 05:09:41 GMT
permissions-policy
ch-ua=(self "https://*.parklogic.com"), ch-ua-arch=(self "https://*.parklogic.com"), ch-ua-bitness=(self "https://*.parklogic.com"), ch-ua-full-version=(self "https://*.parklogic.com"), ch-ua-full-version-list=(self "https://*.parklogic.com"), ch-ua-mobile=(self "https://*.parklogic.com"), ch-ua-model=(self "https://*.parklogic.com"), ch-ua-platform=(self "https://*.parklogic.com"), ch-ua-platform-version=(self "https://*.parklogic.com"), ch-ua-wow64=(self "https://*.parklogic.com")

Redirect headers

Location
https://pxisghql.www.maypertamina.subsiditepat.id/
Non-Authoritative-Reason
HttpsUpgrades
favicon.ico
pxisghql.www.maypertamina.subsiditepat.id/ 		0
0
/
router.parklogic.com/ 		775 B
864 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://router.parklogic.com/
Requested by
Host: pxisghql.www.maypertamina.subsiditepat.id
URL: https://pxisghql.www.maypertamina.subsiditepat.id/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:3c06::f03c:95ff:fedc:7282 Chicago, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://pxisghql.www.maypertamina.subsiditepat.id/

Response headers

date
Tue, 27 May 2025 05:09:42 GMT
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
Primary Request index.php
clicktocr.info/androidavLev_ROL/
Redirect Chain
  • https://upuplets.com/r/66-LHGZvxt9XmEmmzU6TAQkbGqQzRgJAnxtfg_nATkFFESOKGVL4Jn9wkl7r6lzzZhBe7dJiErICxVhRUAGs63rSbmPFvaClDgNJ70t5hSgHPTrYIHRwlP5_3L48FjaKOh2HtnCzUUD43XTlhGrEBgxn73YnuMEZeP1jp5SvtesIcP...
  • https://roiprofit100.info/click.php?key=eujllqqb46mgklxmjwln&clickid=GJICOJ7BAWiszj9wgbHJAegBq79fgAL8scDH0vXM0AI&cost=0.0170&zoneId=1564587&ageGroup=UNKNOWN&campaignId=1042220&browser=Chrome&feedId...
  • https://clicktocr.info/androidavLev_ROL/index.php?click_id=b72fexi2ta2a16o168&lpkey=174748043228284a83&uclick=xi2ta2a16o&uclickhash=xi2ta2a16o-xi2ta2a16o-2tdudz-0-fnxodz-dvzwi4-dvdv3y-f360d6
33 KB
11 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://clicktocr.info/androidavLev_ROL/index.php?click_id=b72fexi2ta2a16o168&lpkey=174748043228284a83&uclick=xi2ta2a16o&uclickhash=xi2ta2a16o-xi2ta2a16o-2tdudz-0-fnxodz-dvzwi4-dvdv3y-f360d6
Requested by
Host: pxisghql.www.maypertamina.subsiditepat.id
URL: https://pxisghql.www.maypertamina.subsiditepat.id/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.254.198.31 New York, United States, ASN30860 (YURTEH-AS Virtual Systems LLC, UA),
Reverse DNS
mail.fiberiatrade.com
Software
nginx /
Resource Hash
9f3044c05d068f16785ee5b62c94e9c7d792adbd6cd9f4644b71c5df87d0bdc8

Request headers

Referer
https://pxisghql.www.maypertamina.subsiditepat.id/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Tue, 27 May 2025 05:09:44 GMT
Server
nginx
Transfer-Encoding
chunked
Vary
Accept-Encoding

Redirect headers

content-type
text/html; charset=UTF-8
date
Tue, 27 May 2025 05:09:43 GMT
location
https://clicktocr.info/androidavLev_ROL/index.php?click_id=b72fexi2ta2a16o168&lpkey=174748043228284a83&uclick=xi2ta2a16o&uclickhash=xi2ta2a16o-xi2ta2a16o-2tdudz-0-fnxodz-dvzwi4-dvdv3y-f360d6
server
nginx/1.22.1
strict-transport-security
max-age=31536000
bf3e2a5f07395209a75d09299418b301.png
clicktocr.info/androidavLev_ROL/files/ 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://clicktocr.info/androidavLev_ROL/files/bf3e2a5f07395209a75d09299418b301.png
Requested by
Host: clicktocr.info
URL: https://clicktocr.info/androidavLev_ROL/index.php?click_id=b72fexi2ta2a16o168&lpkey=174748043228284a83&uclick=xi2ta2a16o&uclickhash=xi2ta2a16o-xi2ta2a16o-2tdudz-0-fnxodz-dvzwi4-dvdv3y-f360d6
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.254.198.31 New York, United States, ASN30860 (YURTEH-AS Virtual Systems LLC, UA),
Reverse DNS
mail.fiberiatrade.com
Software
nginx /
Resource Hash
f90bcf724769e22c9e97a912f51686affa24af47191face5574fd49954acf495

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://clicktocr.info/androidavLev_ROL/index.php?click_id=b72fexi2ta2a16o168&lpkey=174748043228284a83&uclick=xi2ta2a16o&uclickhash=xi2ta2a16o-xi2ta2a16o-2tdudz-0-fnxodz-dvzwi4-dvdv3y-f360d6

Response headers

ETag
"67addaba-2222"
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
8738
Date
Tue, 27 May 2025 05:09:44 GMT
Content-Type
image/png
Last-Modified
Thu, 13 Feb 2025 11:42:50 GMT
Server
nginx
a274589ea8db0647df61f5699b71dee1.png
clicktocr.info/androidavLev_ROL/files/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://clicktocr.info/androidavLev_ROL/files/a274589ea8db0647df61f5699b71dee1.png
Requested by
Host: clicktocr.info
URL: https://clicktocr.info/androidavLev_ROL/index.php?click_id=b72fexi2ta2a16o168&lpkey=174748043228284a83&uclick=xi2ta2a16o&uclickhash=xi2ta2a16o-xi2ta2a16o-2tdudz-0-fnxodz-dvzwi4-dvdv3y-f360d6
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.254.198.31 New York, United States, ASN30860 (YURTEH-AS Virtual Systems LLC, UA),
Reverse DNS
mail.fiberiatrade.com
Software
nginx /
Resource Hash
17fb1c728b5814635d17772d2e4fdf6165827b77fab3e70713e61e1db59cbef0

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://clicktocr.info/androidavLev_ROL/index.php?click_id=b72fexi2ta2a16o168&lpkey=174748043228284a83&uclick=xi2ta2a16o&uclickhash=xi2ta2a16o-xi2ta2a16o-2tdudz-0-fnxodz-dvzwi4-dvdv3y-f360d6

Response headers

ETag
"67addaba-8b6"
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2230
Date
Tue, 27 May 2025 05:09:45 GMT
Content-Type
image/png
Last-Modified
Thu, 13 Feb 2025 11:42:50 GMT
Server
nginx
sdk.js
push-sdk.com/f/ 		54 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://push-sdk.com/f/sdk.js?z=635301
Requested by
Host: clicktocr.info
URL: https://clicktocr.info/androidavLev_ROL/index.php?click_id=b72fexi2ta2a16o168&lpkey=174748043228284a83&uclick=xi2ta2a16o&uclickhash=xi2ta2a16o-xi2ta2a16o-2tdudz-0-fnxodz-dvzwi4-dvdv3y-f360d6
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
157.90.33.72 Ismaning, Germany, ASN24940 (HETZNER-AS Hetzner Online GmbH, DE),
Reverse DNS
sub2.1push.io
Software
Angie /
Resource Hash
91cf9b34af48f3b62d706127b1140c89d8bb3a5455120acd2cfcfc41ab4ad5ee

Request headers

User-Agent
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36
Referer
https://clicktocr.info/

Response headers

cache-control
no-cache, max-age=0, must-revalidate, proxy-revalidate
content-length
15242
content-encoding
gzip
date
Tue, 27 May 2025 05:09:45 GMT
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
server
Angie
event
push-sdk.com/ 		0
0
sync
uidsync.net/ 		0
0
sync
uidsync.net/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
pxisghql.www.maypertamina.subsiditepat.id
URL
https://pxisghql.www.maypertamina.subsiditepat.id/favicon.ico
Domain
push-sdk.com
URL
https://push-sdk.com/event?z=635301
Domain
uidsync.net
URL
https://uidsync.net/sync?user_id=AVfXJI957e6QoPoOZ9aYKI
Domain
uidsync.net
URL
https://uidsync.net/sync?user_id=AVfXJI957e6QoPoOZ9aYKI

Verdicts & Comments Add Verdict or Comment

10 JavaScript Window variables

These are the non-standard variables defined on the window object. These include var declarations and global functions and can be helpful in identifying possible client-side frameworks and code.

function| getURLParameter function| ML function| getLocationURL function| handleFunctionsError object| langs object| ml string| _key string| key object| phoneModelElement object| userBrowserElement

2 Cookies

Domain/Path Name / Value
roiprofit100.info/ Name: uclick
Value: xi2ta2a16o
roiprofit100.info/ Name: uclickhash
Value: xi2ta2a16o-xi2ta2a16o-2tdudz-0-fnxodz-dvzwi4-dvdv3y-f360d6

3 Console Messages

Source Level URL
Text
network error URL: https://pxisghql.www.maypertamina.subsiditepat.id/favicon.ico
Message:
Failed to load resource: net::ERR_HTTP2_PROTOCOL_ERROR
javascript info URL: https://pxisghql.www.maypertamina.subsiditepat.id/
Message:
WebGPU is experimental on this platform. See https://github.com/gpuweb/gpuweb/wiki/Implementation-Status#implementation-status
rendering warning URL: https://pxisghql.www.maypertamina.subsiditepat.id/
Message:
Failed to create WebGPU Context Provider