www.booking-reward.zeraatna.com Open in urlscan Pro
176.9.202.125  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response www.booking-reward.zeraatna.com/	8 KB 9 KB	143ms 74ms	Document text/html	176.9.202.125 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://www.booking-reward.zeraatna.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 176.9.202.125 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS ns113.mazinhost.net Software nginx / Resource Hash 75528b53117e250e82328963fec13b592a1461576514a90b389706931aab079f Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Cache-Control no-cache, private Connection keep-alive Content-Type text/html; charset=UTF-8 Date Mon, 20 Mar 2023 20:16:00 GMT Server nginx Transfer-Encoding chunked
GET H/1.1	200 OK	mystyle.css www.booking-reward.zeraatna.com/css/	4 KB 4 KB	12ms 12ms	Stylesheet text/css	176.9.202.125 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://www.booking-reward.zeraatna.com/css/mystyle.css Requested by Host: www.booking-reward.zeraatna.com URL: https://www.booking-reward.zeraatna.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 176.9.202.125 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS ns113.mazinhost.net Software nginx / Resource Hash 5549e947317293dccdc1fba4f3df4781266f1b121e0138c7f00fc8a7def5f4b4 Request headers accept-language de-DE,de;q=0.9 Referer https://www.booking-reward.zeraatna.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers Date Mon, 20 Mar 2023 20:16:00 GMT Last-Modified Wed, 15 Feb 2023 17:33:38 GMT Server nginx Connection keep-alive Accept-Ranges bytes Content-Length 4026 Content-Type text/css
GET H/1.1	200 OK	all.min.css www.booking-reward.zeraatna.com/css/	122 KB 122 KB	26ms 13ms	Stylesheet text/css	176.9.202.125 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://www.booking-reward.zeraatna.com/css/all.min.css Requested by Host: www.booking-reward.zeraatna.com URL: https://www.booking-reward.zeraatna.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 176.9.202.125 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS ns113.mazinhost.net Software nginx / Resource Hash 3b686bb90d2a76c9e0b0ad5eb72482103cf9cee09ed45a92daac10045cdf2f2a Request headers accept-language de-DE,de;q=0.9 Referer https://www.booking-reward.zeraatna.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers Date Mon, 20 Mar 2023 20:16:00 GMT Last-Modified Fri, 09 Dec 2022 16:12:20 GMT Server nginx Connection keep-alive Accept-Ranges bytes Content-Length 124605 Content-Type text/css
GET H/1.1	200 OK	regular.css www.booking-reward.zeraatna.com/css/	633 B 841 B	34ms 11ms	Stylesheet text/css	176.9.202.125 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://www.booking-reward.zeraatna.com/css/regular.css Requested by Host: www.booking-reward.zeraatna.com URL: https://www.booking-reward.zeraatna.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 176.9.202.125 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS ns113.mazinhost.net Software nginx / Resource Hash 775845e997f649f7e00bf4cbc1987cedf4d3d019cf01e9ebc62b1760ff343c2e Request headers accept-language de-DE,de;q=0.9 Referer https://www.booking-reward.zeraatna.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers Date Mon, 20 Mar 2023 20:16:00 GMT Last-Modified Tue, 30 Aug 2022 14:47:10 GMT Server nginx Connection keep-alive Accept-Ranges bytes Content-Length 633 Content-Type text/css
GET H2	200	css2 fonts.googleapis.com/	4 KB 1 KB	132ms 48ms	Stylesheet text/css	2a00:1450:4001:82a::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Inter+Tight:wght@700&family=Roboto&display=swap Requested by Host: www.booking-reward.zeraatna.com URL: https://www.booking-reward.zeraatna.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash a910fad5148cf6125d48b7231580f4ae66d27804e886fe0f4ce58599c0962fef Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.booking-reward.zeraatna.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Mon, 20 Mar 2023 20:16:00 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Mon, 20 Mar 2023 20:16:00 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Mon, 20 Mar 2023 20:16:00 GMT
GET H/1.1	200 OK	download.png www.booking-reward.zeraatna.com/images/	642 B 851 B	33ms 11ms	Image image/png	176.9.202.125 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www.booking-reward.zeraatna.com/images/download.png Requested by Host: www.booking-reward.zeraatna.com URL: https://www.booking-reward.zeraatna.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 176.9.202.125 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS ns113.mazinhost.net Software nginx / Resource Hash a333d02eedde7a4dd8643d58b0ea7947268a1762f35f517eb6000ec9e7fcfae8 Request headers accept-language de-DE,de;q=0.9 Referer https://www.booking-reward.zeraatna.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers Date Mon, 20 Mar 2023 20:16:00 GMT Last-Modified Thu, 29 Sep 2022 14:42:40 GMT Server nginx Connection keep-alive Accept-Ranges bytes Content-Length 642 Content-Type image/png
GET H/1.1	200 OK	download%20(2).png www.booking-reward.zeraatna.com/images/	969 B 1 KB	19ms 11ms	Image image/png	176.9.202.125 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www.booking-reward.zeraatna.com/images/download%20(2).png Requested by Host: www.booking-reward.zeraatna.com URL: https://www.booking-reward.zeraatna.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 176.9.202.125 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS ns113.mazinhost.net Software nginx / Resource Hash 5ba147023e40e224a8b68709ab02c66b5e39254fcdbb4c5a460d0c320b48da96 Request headers accept-language de-DE,de;q=0.9 Referer https://www.booking-reward.zeraatna.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers Date Mon, 20 Mar 2023 20:16:00 GMT Last-Modified Thu, 29 Sep 2022 15:35:14 GMT Server nginx Connection keep-alive Accept-Ranges bytes Content-Length 969 Content-Type image/png
GET H/1.1	200 OK	download%20(1).png www.booking-reward.zeraatna.com/images/	3 KB 3 KB	20ms 11ms	Image image/png	176.9.202.125 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www.booking-reward.zeraatna.com/images/download%20(1).png Requested by Host: www.booking-reward.zeraatna.com URL: https://www.booking-reward.zeraatna.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 176.9.202.125 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS ns113.mazinhost.net Software nginx / Resource Hash 15a3a60f2debbd541f2dcb629aea18e0bb080388c6bb0a27f0e9c96d44399c38 Request headers accept-language de-DE,de;q=0.9 Referer https://www.booking-reward.zeraatna.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers Date Mon, 20 Mar 2023 20:16:00 GMT Last-Modified Thu, 29 Sep 2022 15:32:58 GMT Server nginx Connection keep-alive Accept-Ranges bytes Content-Length 3261 Content-Type image/png
GET H/1.1	200 OK	main.js Show response www.booking-reward.zeraatna.com/js/	521 B 743 B	17ms 12ms	Script application/javascript	176.9.202.125 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://www.booking-reward.zeraatna.com/js/main.js Requested by Host: www.booking-reward.zeraatna.com URL: https://www.booking-reward.zeraatna.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 176.9.202.125 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS ns113.mazinhost.net Software nginx / Resource Hash 22825bf6516ae2b375b906d555ef8ab89bd86ca7edb2559360284c29a2036497 Request headers accept-language de-DE,de;q=0.9 Referer https://www.booking-reward.zeraatna.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers Date Mon, 20 Mar 2023 20:16:00 GMT Last-Modified Sat, 01 Oct 2022 01:42:50 GMT Server nginx Connection keep-alive Accept-Ranges bytes Content-Length 521 Content-Type application/javascript
GET H2	200	jquery.min.js Show response ajax.googleapis.com/ajax/libs/jquery/3.6.0/	87 KB 31 KB	136ms 39ms	Script text/javascript	2a00:1450:4001:806::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js Requested by Host: www.booking-reward.zeraatna.com URL: https://www.booking-reward.zeraatna.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.booking-reward.zeraatna.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers date Mon, 20 Mar 2023 10:22:03 GMT content-encoding gzip x-content-type-options nosniff age 35637 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 31017 x-xss-protection 0 last-modified Wed, 10 Mar 2021 14:28:09 GMT server sffe cross-origin-opener-policy same-origin; report-to="hosted-libraries-pushers" vary Accept-Encoding report-to {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]} content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=2592000 accept-ranges bytes timing-allow-origin * expires Tue, 19 Mar 2024 10:22:03 GMT
GET H2	200	bootstrap.min.js Show response maxcdn.bootstrapcdn.com/bootstrap/3.4.1/js/	39 KB 12 KB	35ms 17ms	Script application/javascript	2606:4700::6812:acf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/js/bootstrap.min.js Requested by Host: www.booking-reward.zeraatna.com URL: https://www.booking-reward.zeraatna.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 9ee2fcff6709e4d0d24b09ca0fc56aade12b4961ed9c43fd13b03248bfb57afe Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.booking-reward.zeraatna.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers date Mon, 20 Mar 2023 20:16:00 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status HIT content-encoding br cdn-edgestorageid 601, 617, 617 age 4122276 cdn-cachedat 2021-08-01 19:19:12 cdn-pullzone 252412 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 last-modified Mon, 25 Jan 2021 22:04:00 GMT server cloudflare cdn-requestpullcode 200 vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cdn-cache HIT cdn-uid b1941f61-b576-4f40-80de-5677acb38f74 cache-control public, max-age=31919000 cdn-requestid 6923066369371d6997c92d232b1a01f3 timing-allow-origin * cdn-requestcountrycode DE cdn-status 200 cf-ray 7ab0a160ef003a64-FRA cdn-requestpullsuccess True
GET H/1.1	200 OK	anis.js Show response www.booking-reward.zeraatna.com/js/	3 KB 3 KB	28ms 11ms	Script application/javascript	176.9.202.125 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://www.booking-reward.zeraatna.com/js/anis.js Requested by Host: www.booking-reward.zeraatna.com URL: https://www.booking-reward.zeraatna.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 176.9.202.125 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS ns113.mazinhost.net Software nginx / Resource Hash 65fe99e962a62c784f2efa815f59e96601689b796cc59fd60713292ea53be2c5 Request headers accept-language de-DE,de;q=0.9 Referer https://www.booking-reward.zeraatna.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers Date Mon, 20 Mar 2023 20:16:00 GMT Last-Modified Sun, 19 Feb 2023 20:44:47 GMT Server nginx Connection keep-alive Accept-Ranges bytes Content-Length 2995 Content-Type application/javascript
GET H/1.1	200 OK	startup.js Show response www.booking-reward.zeraatna.com/js/	788 B 1010 B	28ms 11ms	Script application/javascript	176.9.202.125 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://www.booking-reward.zeraatna.com/js/startup.js Requested by Host: www.booking-reward.zeraatna.com URL: https://www.booking-reward.zeraatna.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 176.9.202.125 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS ns113.mazinhost.net Software nginx / Resource Hash 7dbdee3f0229ed8233d2d5712211fbfef4bb52f38528df0a9b892a2244395544 Request headers accept-language de-DE,de;q=0.9 Referer https://www.booking-reward.zeraatna.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers Date Mon, 20 Mar 2023 20:16:00 GMT Last-Modified Tue, 24 Jan 2023 19:25:16 GMT Server nginx Connection keep-alive Accept-Ranges bytes Content-Length 788 Content-Type application/javascript
GET H2	200	KFOmCnqEu92Fr1Mu4mxK.woff2 fonts.gstatic.com/s/roboto/v30/	15 KB 16 KB	121ms 37ms	Font font/woff2	2a00:1450:4001:829::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Inter+Tight:wght@700&family=Roboto&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://www.booking-reward.zeraatna.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers date Thu, 16 Mar 2023 14:05:36 GMT x-content-type-options nosniff age 367824 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 15744 x-xss-protection 0 last-modified Wed, 11 May 2022 19:24:48 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Fri, 15 Mar 2024 14:05:36 GMT
GET H/1.1	200 OK	fa-regular-400.woff2 www.booking-reward.zeraatna.com/webfonts/	25 KB 25 KB	12ms 12ms	Font font/woff2	176.9.202.125 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://www.booking-reward.zeraatna.com/webfonts/fa-regular-400.woff2 Requested by Host: www.booking-reward.zeraatna.com URL: https://www.booking-reward.zeraatna.com/css/all.min.css Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 176.9.202.125 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS ns113.mazinhost.net Software nginx / Resource Hash fe69d94841462d397faeff253ee09a6dc7941be931f942a55e6b9def8f3b048d Request headers Referer https://www.booking-reward.zeraatna.com/css/all.min.css Origin https://www.booking-reward.zeraatna.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers Date Mon, 20 Mar 2023 20:16:00 GMT Last-Modified Tue, 30 Aug 2022 14:47:10 GMT Server nginx Connection keep-alive Accept-Ranges bytes Content-Length 25096 Content-Type font/woff2
POST H2	403	sendMessage Show response api.telegram.org/bot5698907203:AAFBXV5ty9dQH85xzNW2lV5ZI1ukQu1ztm0/	83 B 293 B	36ms 36ms	Fetch application/json	2001:67c:4e8:f004::9 TELEGRAM
General Check archive.org Show headers Download Go to Full URL https://api.telegram.org/bot5698907203:AAFBXV5ty9dQH85xzNW2lV5ZI1ukQu1ztm0/sendMessage Requested by Host: www.booking-reward.zeraatna.com URL: https://www.booking-reward.zeraatna.com/js/startup.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG), Reverse DNS Software nginx/1.18.0 / Resource Hash 0437980cc103c01fb9be076906e7f9b57d15c3d9210fef1e32e11fb84e0c0b2e Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Referer https://www.booking-reward.zeraatna.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Content-Type application/json Response headers access-control-allow-origin * date Mon, 20 Mar 2023 20:16:00 GMT strict-transport-security max-age=31536000; includeSubDomains; preload access-control-expose-headers Content-Length,Content-Type,Date,Server,Connection server nginx/1.18.0 content-length 83 content-type application/json
OPTIONS H2	204	sendMessage api.telegram.org/bot5698907203:AAFBXV5ty9dQH85xzNW2lV5ZI1ukQu1ztm0/	0 0	115ms 35ms	Preflight	2001:67c:4e8:f004::9 TELEGRAM
General Check archive.org Show headers Download Go to Full URL https://api.telegram.org/bot5698907203:AAFBXV5ty9dQH85xzNW2lV5ZI1ukQu1ztm0/sendMessage Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG), Reverse DNS Software nginx/1.18.0 / Resource Hash Request headers Accept */* Access-Control-Request-Headers content-type Access-Control-Request-Method POST Origin https://www.booking-reward.zeraatna.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers access-control-allow-headers content-type access-control-allow-methods GET, POST, OPTIONS access-control-allow-origin * access-control-expose-headers Content-Length,Content-Type,Date,Server,Connection access-control-max-age 86400 date Mon, 20 Mar 2023 20:16:00 GMT server nginx/1.18.0

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Booking (Travel)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless function| phoneNumber function| returnEmail function| $ function| jQuery boolean| ret function| IsEmail

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.booking-reward.zeraatna.com/	1970-01-20 10:29:10	Name: XSRF-TOKEN Value: eyJpdiI6ImxkZXNDdkNKVG1BWEFRYURGYmFSWkE9PSIsInZhbHVlIjoiMzU4YU5CSzl3WEdoUDAwQmc3emI5WTVWcWFWOFdxd2cwT0NIMTlZM1NlOXg5eSt1RFVyaDYrOVh2UEtrNWhEZ3RoZWN4TG9RNC9wR3pYS09aVTduWEU1UHZOL1VFeFFBVmh2LzIydHk1czkvSkhEWkU4Wkd2eGo0RU9pelN2VjEiLCJtYWMiOiIzODQ1ZTZmMjVkZjU4ZGM2ZjRlZjRkOTllYjNlYzhjYmRhZGY2ODZjNjlhMzc3ZjA1ZDc5ZTAwN2FiZjU0ZTE0IiwidGFnIjoiIn0%3D
			www.booking-reward.zeraatna.com/	1970-01-20 10:29:10	Name: laravel_session Value: eyJpdiI6IldGQmhuaXV0bzFjVG9TeUpzdnNjTmc9PSIsInZhbHVlIjoiU2dHTUhHMmlBL1Z0dElZRGs5UHM0YmRhTi9DMzVOSWplay9WL2JJRXgxTzRtcU5LN0FWMDRQT3JrNXpDdktyR1h4UUx6Q2tCcHJ1SkhDSWR4Zjh1VEpGcGozaGlWVnZ5NEdoTzl4Sk5zTTUxelVLdUlsaXZ5bVA0NHBxQTI3bHgiLCJtYWMiOiJlYzcyZWNhZmY0MDM1Y2ZjOTUwNTIwMzQwZjgzMDZjYmM3ZWM5YjU5OWI4ZDk4MWZlMzcyZmFhZjI0MTYzZjhiIiwidGFnIjoiIn0%3D

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://api.telegram.org/bot5698907203:AAFBXV5ty9dQH85xzNW2lV5ZI1ukQu1ztm0/sendMessage Message: Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
api.telegram.org
fonts.googleapis.com
fonts.gstatic.com
maxcdn.bootstrapcdn.com
www.booking-reward.zeraatna.com
176.9.202.125
2001:67c:4e8:f004::9
2606:4700::6812:acf
2a00:1450:4001:806::200a
2a00:1450:4001:829::2003
2a00:1450:4001:82a::200a
0437980cc103c01fb9be076906e7f9b57d15c3d9210fef1e32e11fb84e0c0b2e
15a3a60f2debbd541f2dcb629aea18e0bb080388c6bb0a27f0e9c96d44399c38
22825bf6516ae2b375b906d555ef8ab89bd86ca7edb2559360284c29a2036497
3b686bb90d2a76c9e0b0ad5eb72482103cf9cee09ed45a92daac10045cdf2f2a
5549e947317293dccdc1fba4f3df4781266f1b121e0138c7f00fc8a7def5f4b4
5ba147023e40e224a8b68709ab02c66b5e39254fcdbb4c5a460d0c320b48da96
65fe99e962a62c784f2efa815f59e96601689b796cc59fd60713292ea53be2c5
75528b53117e250e82328963fec13b592a1461576514a90b389706931aab079f
775845e997f649f7e00bf4cbc1987cedf4d3d019cf01e9ebc62b1760ff343c2e
7dbdee3f0229ed8233d2d5712211fbfef4bb52f38528df0a9b892a2244395544
9ee2fcff6709e4d0d24b09ca0fc56aade12b4961ed9c43fd13b03248bfb57afe
a333d02eedde7a4dd8643d58b0ea7947268a1762f35f517eb6000ec9e7fcfae8
a910fad5148cf6125d48b7231580f4ae66d27804e886fe0f4ce58599c0962fef
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
fe69d94841462d397faeff253ee09a6dc7941be931f942a55e6b9def8f3b048d
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e