ptlogin.hahabet5681.com Open in urlscan Pro
18.183.182.159  Public Scan

20 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response ptlogin.hahabet5681.com/	18 KB 19 KB	1069ms 531ms	Document text/html	18.183.182.159 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://ptlogin.hahabet5681.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 18.183.182.159 Tokyo, Japan, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-183-182-159.ap-northeast-1.compute.amazonaws.com Software openresty/1.19.9.1 / Resource Hash 074e460500a2125f1e626b5a91af9c86b375ae39c85f327618aed399b4ec95f2 Request headers Host ptlogin.hahabet5681.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Accept-Language de-DE,de;q=0.9 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site none Sec-Fetch-Mode navigate Sec-Fetch-User ?1 Sec-Fetch-Dest document Accept-Encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers Server openresty/1.19.9.1 Date Fri, 17 Sep 2021 23:13:44 GMT Content-Type text/html; charset=UTF-8 Content-Length 18922 Connection keep-alive hit bucket Access-Control-Allow-Origin * Access-Control-Allow-Methods GET, POST, OPTIONS Access-Control-Allow-Headers DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range Access-Control-Expose-Headers Content-Length,Content-Range
GET H2	200	pact.css sta.gtimg.com/c/=/qd6/css/cssreset.css,/qd6/css/header.css,/qd6/css/login.css,/qd6/css/layout.css,/qd6/css/sprites.css,/qd6/css/ui.css,/qd6/css/footer.css,/qd6/css/font.css,/qd6/css/reg.css,/qd6/css/	111 KB 23 KB	4949ms 379ms	Stylesheet text/css	203.205.137.227 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Full URL https://sta.gtimg.com/c/=/qd6/css/cssreset.css,/qd6/css/header.css,/qd6/css/login.css,/qd6/css/layout.css,/qd6/css/sprites.css,/qd6/css/ui.css,/qd6/css/footer.css,/qd6/css/font.css,/qd6/css/reg.css,/qd6/css/pact.css Requested by Host: ptlogin.hahabet5681.com URL: https://ptlogin.hahabet5681.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 203.205.137.227 Shenzhen, China, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software X2_Platform / Resource Hash ce277d0061f9d98710563ed48fea009ee663bb843984cefcf4c0315601dcef22 Request headers Accept-Language de-DE,de;q=0.9 Referer https://ptlogin.hahabet5681.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Fri, 17 Sep 2021 23:13:49 GMT content-encoding gzip x-cache-lookup Hit From Upstream, Hit From MemCache Gz last-modified Tue, 08 Jun 2021 08:03:58 GMT server X2_Platform content-type text/css access-control-allow-origin * cache-control max-age=300 x-nws-log-uuid 99e51aee-42bf-4107-830c-e0350a15f17f content-length 23536 expires Fri, 17 Sep 2021 23:18:49 GMT
GET H2	200	loginBg.jpg sta.gtimg.com/qd6/images/	54 KB 54 KB	4949ms 379ms	Image image/jpeg	203.205.137.227 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Show image Full URL https://sta.gtimg.com/qd6/images/loginBg.jpg Requested by Host: ptlogin.hahabet5681.com URL: https://ptlogin.hahabet5681.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 203.205.137.227 Shenzhen, China, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software X2_Platform / Resource Hash f53bfbc81c71410047a6b35476ea7b22a3f6d16fac1178cb6fb45eb8479527ae Request headers Accept-Language de-DE,de;q=0.9 Referer https://ptlogin.hahabet5681.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Fri, 17 Sep 2021 23:13:49 GMT x-cache-lookup Hit From MemCache last-modified Tue, 08 Jun 2021 08:03:38 GMT server X2_Platform content-type image/jpeg access-control-allow-origin * cache-control max-age=600 x-nws-log-uuid 117ce06c-02b7-4068-995e-cdffd326875a content-length 55110 expires Fri, 17 Sep 2021 23:23:49 GMT
GET H2	200	phoneAreaSortNew.js Show response sta.gtimg.com/c/=/qd6/js/jquery-1.9.1.min.js,/qd6/js/lulu/Checkbox.js,/qd6/js/lulu/Select.js,/js4/statistics.js,/js4/login.js,/js4/	230 KB 61 KB	376ms 376ms	Script application/javascript	203.205.137.227 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Full URL https://sta.gtimg.com/c/=/qd6/js/jquery-1.9.1.min.js,/qd6/js/lulu/Checkbox.js,/qd6/js/lulu/Select.js,/js4/statistics.js,/js4/login.js,/js4/phoneAreaSortNew.js Requested by Host: ptlogin.hahabet5681.com URL: https://ptlogin.hahabet5681.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 203.205.137.227 Shenzhen, China, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software X2_Platform / Resource Hash 7ccf9318d88ee0998114182ecfad45b50d759eaa39ce660dc654043794b67b0e Request headers Accept-Language de-DE,de;q=0.9 Referer https://ptlogin.hahabet5681.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Fri, 17 Sep 2021 23:13:50 GMT content-encoding gzip x-cache-lookup Hit From Upstream, Hit From MemCache Gz last-modified Tue, 08 Jun 2021 08:04:26 GMT server X2_Platform content-type application/javascript access-control-allow-origin * cache-control max-age=300 x-nws-log-uuid c39f055b-42b5-4924-824f-acd1cffcd92a content-length 61911 expires Fri, 17 Sep 2021 23:18:50 GMT
GET H2	200	rsa_encrypt.js Show response sta.gtimg.com/c/=/rsa/	12 KB 4 KB	431ms 430ms	Script application/javascript	203.205.137.227 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Full URL https://sta.gtimg.com/c/=/rsa/rsa_encrypt.js Requested by Host: ptlogin.hahabet5681.com URL: https://ptlogin.hahabet5681.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 203.205.137.227 Shenzhen, China, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software X2_Platform / Resource Hash 54aea2cea53a99e3c76a5281f40302beec7e7aca51ef3aeab542a9cf22ae9131 Request headers Accept-Language de-DE,de;q=0.9 Referer https://ptlogin.hahabet5681.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Fri, 17 Sep 2021 23:13:50 GMT content-encoding gzip x-cache-lookup Hit From Upstream, Hit From MemCache Gz last-modified Tue, 08 Jun 2021 08:04:16 GMT server X2_Platform content-type application/javascript access-control-allow-origin * cache-control max-age=300 x-nws-log-uuid 8658d9b4-ff27-442d-beb8-a5123d6441be content-length 4231 expires Fri, 17 Sep 2021 23:18:50 GMT
GET H2	200	report.js Show response qidian.gtimg.com/lbf/2.0.0/qidian/	4 KB 2 KB	1625ms 189ms	Script application/javascript	203.205.137.227 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Full URL https://qidian.gtimg.com/lbf/2.0.0/qidian/report.js Requested by Host: ptlogin.hahabet5681.com URL: https://ptlogin.hahabet5681.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 203.205.137.227 Shenzhen, China, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software X2_Platform / Resource Hash cbcfe88680ae5887ddae15c93086ecafeeb9c9d8262cf86e1275347ada8b11d5 Request headers Accept-Language de-DE,de;q=0.9 Referer https://ptlogin.hahabet5681.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Fri, 17 Sep 2021 23:13:51 GMT content-encoding gzip x-cache-lookup Hit From MemCache Gz last-modified Wed, 01 Jul 2020 03:27:12 GMT server X2_Platform content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=2592000 x-nws-log-uuid 46568f55-1d90-498d-9535-db687a2ef14c content-length 1572 expires Sun, 17 Oct 2021 23:13:51 GMT
GET H2	200	stat.js Show response sta.gtimg.com/js4/	3 KB 1 KB	189ms 189ms	Script application/javascript	203.205.137.227 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Full URL https://sta.gtimg.com/js4/stat.js Requested by Host: ptlogin.hahabet5681.com URL: https://ptlogin.hahabet5681.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 203.205.137.227 Shenzhen, China, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software X2_Platform / Resource Hash fbb2bb5d8f2bd9b18ed9cf8ee19875f240193edc688ecf1899d3232c22623fe1 Request headers Accept-Language de-DE,de;q=0.9 Referer https://ptlogin.hahabet5681.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Fri, 17 Sep 2021 23:13:50 GMT content-encoding gzip x-cache-lookup Hit From MemCache Gz last-modified Tue, 08 Jun 2021 08:03:38 GMT server X2_Platform content-type application/javascript access-control-allow-origin * cache-control max-age=600 x-nws-log-uuid a44b9125-47f4-48dc-9a38-0dbe12b57426 content-length 1024 expires Fri, 17 Sep 2021 23:23:50 GMT
GET H/1.1	200 OK	s.gif sp0.baidu.com/9_Q4simg2RQJ8t7jm9iCKT-xh_/	0 116 B	1796ms 493ms	Image text/plain	103.235.46.39 BAIDU Beijing Bai...
General Check archive.org Show headers Download Go to Show image Full URL https://sp0.baidu.com/9_Q4simg2RQJ8t7jm9iCKT-xh_/s.gif?l=https://ptlogin.hahabet5681.com/ Requested by Host: ptlogin.hahabet5681.com URL: https://ptlogin.hahabet5681.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 103.235.46.39 , Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://ptlogin.hahabet5681.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers Date Fri, 17 Sep 2021 23:13:51 GMT Content-Length 0 Content-Type text/plain; charset=utf-8
GET H/1.1	200 OK	hm.js Show response hm.baidu.com/	39 KB 14 KB	1282ms 486ms	Script application/javascript	103.235.46.191 BAIDU Beijing Bai...
General Check archive.org Show headers Download Go to Full URL https://hm.baidu.com/hm.js?ed4eb3fc10c4dc99f5a660a46734c6f2 Requested by Host: ptlogin.hahabet5681.com URL: https://ptlogin.hahabet5681.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 103.235.46.191 , Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN), Reverse DNS Software apache / Resource Hash 0e2e460c3b998a6bc35fe1993742fbc4c9e61d7c72bafe430843eb7d97f23e08 Security Headers Name Value Strict-Transport-Security max-age=172800 Request headers Accept-Language de-DE,de;q=0.9 Referer https://ptlogin.hahabet5681.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers Date Fri, 17 Sep 2021 23:13:51 GMT Content-Encoding gzip Server apache Etag 762f8583e4f0d347b965ed3739e2f8b8 Strict-Transport-Security max-age=172800 P3p CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Cache-Control max-age=0, must-revalidate Content-Type application/javascript Content-Length 13947
GET H2	200	logo.png sta.gtimg.com/qd6/images/	4 KB 4 KB	189ms 189ms	Image image/png	203.205.137.227 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Show image Full URL https://sta.gtimg.com/qd6/images/logo.png Requested by Host: sta.gtimg.com URL: https://sta.gtimg.com/c/=/qd6/css/cssreset.css,/qd6/css/header.css,/qd6/css/login.css,/qd6/css/layout.css,/qd6/css/sprites.css,/qd6/css/ui.css,/qd6/css/footer.css,/qd6/css/font.css,/qd6/css/reg.css,/qd6/css/pact.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 203.205.137.227 Shenzhen, China, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software X2_Platform / Resource Hash 416d6388b1314b26283c08b9298a0e4a68c3ad3576897727f71b59f3c25ad90c Request headers Accept-Language de-DE,de;q=0.9 Referer https://sta.gtimg.com/c/=/qd6/css/cssreset.css,/qd6/css/header.css,/qd6/css/login.css,/qd6/css/layout.css,/qd6/css/sprites.css,/qd6/css/ui.css,/qd6/css/footer.css,/qd6/css/font.css,/qd6/css/reg.css,/qd6/css/pact.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Fri, 17 Sep 2021 23:13:50 GMT x-cache-lookup Hit From MemCache last-modified Tue, 08 Jun 2021 08:03:38 GMT server X2_Platform content-type image/png access-control-allow-origin * cache-control max-age=600 x-nws-log-uuid 7053516e-f70c-4c35-a156-2ac978915879 content-length 4106 expires Fri, 17 Sep 2021 23:23:50 GMT
GET DATA	200 OK	truncated /	518 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash c9124e16c48ebff14d8f710da537032c2a3e97e3589cb5c00a8892e03859ac0f Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers Content-Type image/svg+xml
GET H2	200	scan.png sta.gtimg.com/qd6/images/	2 KB 2 KB	189ms 189ms	Image image/png	203.205.137.227 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Show image Full URL https://sta.gtimg.com/qd6/images/scan.png Requested by Host: sta.gtimg.com URL: https://sta.gtimg.com/c/=/qd6/css/cssreset.css,/qd6/css/header.css,/qd6/css/login.css,/qd6/css/layout.css,/qd6/css/sprites.css,/qd6/css/ui.css,/qd6/css/footer.css,/qd6/css/font.css,/qd6/css/reg.css,/qd6/css/pact.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 203.205.137.227 Shenzhen, China, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software X2_Platform / Resource Hash 0cc88410330253bc530869efdb165869156392d1fddb3f0c7bbee3aef0d7d06a Request headers Accept-Language de-DE,de;q=0.9 Referer https://sta.gtimg.com/c/=/qd6/css/cssreset.css,/qd6/css/header.css,/qd6/css/login.css,/qd6/css/layout.css,/qd6/css/sprites.css,/qd6/css/ui.css,/qd6/css/footer.css,/qd6/css/font.css,/qd6/css/reg.css,/qd6/css/pact.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Fri, 17 Sep 2021 23:13:50 GMT x-cache-lookup Hit From MemCache last-modified Tue, 08 Jun 2021 08:03:38 GMT server X2_Platform content-type image/png access-control-allow-origin * cache-control max-age=600 x-nws-log-uuid 2277fe57-828e-4826-801c-cb4b99cdf342 content-length 2189 expires Fri, 17 Sep 2021 23:23:50 GMT
GET H2	200	qd_iconfont.woff sta.gtimg.com/qd6/css/font/	4 KB 4 KB	821ms 205ms	Font application/font-woff	203.205.137.227 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Full URL https://sta.gtimg.com/qd6/css/font/qd_iconfont.woff Requested by Host: sta.gtimg.com URL: https://sta.gtimg.com/c/=/qd6/css/cssreset.css,/qd6/css/header.css,/qd6/css/login.css,/qd6/css/layout.css,/qd6/css/sprites.css,/qd6/css/ui.css,/qd6/css/footer.css,/qd6/css/font.css,/qd6/css/reg.css,/qd6/css/pact.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 203.205.137.227 Shenzhen, China, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software X2_Platform / Resource Hash 897f1ac206ee3050b11a819bc0e1b1d42495a5be28d492edd14a3a627f165e18 Request headers Referer https://sta.gtimg.com/c/=/qd6/css/cssreset.css,/qd6/css/header.css,/qd6/css/login.css,/qd6/css/layout.css,/qd6/css/sprites.css,/qd6/css/ui.css,/qd6/css/footer.css,/qd6/css/font.css,/qd6/css/reg.css,/qd6/css/pact.css Origin https://ptlogin.hahabet5681.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Fri, 17 Sep 2021 23:13:50 GMT x-cache-lookup Hit From MemCache last-modified Tue, 08 Jun 2021 08:03:38 GMT server X2_Platform content-type application/font-woff access-control-allow-origin * cache-control max-age=600 x-nws-log-uuid d1597364-3e07-4376-9b42-c0e3fc69602f content-length 4076 expires Fri, 17 Sep 2021 23:23:50 GMT
GET H2	200	foot_site.png sta.gtimg.com/qd6/images/	14 KB 14 KB	189ms 189ms	Image image/png	203.205.137.227 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Show image Full URL https://sta.gtimg.com/qd6/images/foot_site.png Requested by Host: sta.gtimg.com URL: https://sta.gtimg.com/c/=/qd6/css/cssreset.css,/qd6/css/header.css,/qd6/css/login.css,/qd6/css/layout.css,/qd6/css/sprites.css,/qd6/css/ui.css,/qd6/css/footer.css,/qd6/css/font.css,/qd6/css/reg.css,/qd6/css/pact.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 203.205.137.227 Shenzhen, China, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software X2_Platform / Resource Hash 040898e9b067f210f0f47c9dcabc3aad80625f0e0058799e3a9141cee151ec3c Request headers Accept-Language de-DE,de;q=0.9 Referer https://sta.gtimg.com/c/=/qd6/css/cssreset.css,/qd6/css/header.css,/qd6/css/login.css,/qd6/css/layout.css,/qd6/css/sprites.css,/qd6/css/ui.css,/qd6/css/footer.css,/qd6/css/font.css,/qd6/css/reg.css,/qd6/css/pact.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Fri, 17 Sep 2021 23:13:50 GMT x-cache-lookup Hit From MemCache last-modified Tue, 08 Jun 2021 08:03:38 GMT server X2_Platform content-type image/png access-control-allow-origin * cache-control max-age=600 x-nws-log-uuid 8cb20818-5b87-46da-ba73-6e214eac344f content-length 14460 expires Fri, 17 Sep 2021 23:23:50 GMT
GET H2	200	rsa_encrypt.js Show response sta.gtimg.com/rsa/	12 KB 4 KB	189ms 189ms	Script application/javascript	203.205.137.227 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Full URL https://sta.gtimg.com/rsa/rsa_encrypt.js?_=1631920430596 Requested by Host: sta.gtimg.com URL: https://sta.gtimg.com/c/=/qd6/js/jquery-1.9.1.min.js,/qd6/js/lulu/Checkbox.js,/qd6/js/lulu/Select.js,/js4/statistics.js,/js4/login.js,/js4/phoneAreaSortNew.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 203.205.137.227 Shenzhen, China, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software X2_Platform / Resource Hash 54aea2cea53a99e3c76a5281f40302beec7e7aca51ef3aeab542a9cf22ae9131 Request headers Accept-Language de-DE,de;q=0.9 Referer https://ptlogin.hahabet5681.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Fri, 17 Sep 2021 23:13:51 GMT content-encoding gzip x-cache-lookup Hit From MemCache Gz last-modified Tue, 08 Jun 2021 08:03:38 GMT server X2_Platform content-type application/javascript access-control-allow-origin * cache-control max-age=600 x-nws-log-uuid 8e80a5a6-2b86-4bd9-a59d-9d33cc1c5bd6 content-length 4231 expires Fri, 17 Sep 2021 23:23:51 GMT
GET H2	200	checkStatus Show response ptlogin.yuewen.com/login/	128 B 255 B	1525ms 267ms	Script text/html	124.156.189.2 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Full URL https://ptlogin.yuewen.com/login/checkStatus?callback=jQuery19106670167372272591_1631920430597&appId=10&areaId=1&source=&returnurl=http%3A%2F%2Fwww.hahabet5681.com&version=&imei=&qimei=&target=top&ticket=0&autotime=14&jumpdm=qidian&ajaxdm=&auto=&sdkversion=&method=LoginV1.checkStatusCallback&format=jsonp&_=1631920430598 Requested by Host: sta.gtimg.com URL: https://sta.gtimg.com/c/=/qd6/js/jquery-1.9.1.min.js,/qd6/js/lulu/Checkbox.js,/qd6/js/lulu/Select.js,/js4/statistics.js,/js4/login.js,/js4/phoneAreaSortNew.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 124.156.189.2 Central, Hong Kong, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software nginx / Resource Hash ba355fdd210f769d4681acd6e2c52b6576f9bdd50e6f183055aeabda4133e31b Request headers Accept-Language de-DE,de;q=0.9 Referer https://ptlogin.hahabet5681.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Fri, 17 Sep 2021 23:13:53 GMT cache-control no-cache, no-store, max-age=0, must-revalidate server nginx content-type text/html content-length 128 p3p CP=CAO PSA OUR
GET H/1.1	200 OK	unifyreport Show response path.book.qq.com/	2 B 134 B	1560ms 247ms	Script text/plain	203.205.235.63 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Full URL https://path.book.qq.com/unifyreport?ctime=2021-09-17%2023:13:51&sid=1631920338_98955900&uuid=1631920338_98955900&guid=&ip=18.178.126.78&sh=1200&sw=1600&ua=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/92.0.4515.159%20Safari/537.36&appid=10&areaid=1&title=hahaet%E5%AE%98%E7%BD%91%E9%A6%96%E9%A1%B5_hahabet%E7%99%BB%E5%BD%95%E7%BD%91%E5%9D%80%E5%8F%B0_%E5%A4%AE%E8%A7%86%E7%BD%91_%E6%89%8B%E6%9C%BA%E4%B8%8B%E8%BD%BD%E2%86%92&url=https%3A%2F%2Fptlogin.hahabet5681.com%2F&ref=&path=typclog&cname=TYlogin&event_type=P&eid=&e1=&e2=&pid=ty_P_landlogin&x=&y=&callback=jQuery19106670167372272591_1631920430599&_=1631920430600 Requested by Host: sta.gtimg.com URL: https://sta.gtimg.com/c/=/qd6/js/jquery-1.9.1.min.js,/qd6/js/lulu/Checkbox.js,/qd6/js/lulu/Select.js,/js4/statistics.js,/js4/login.js,/js4/phoneAreaSortNew.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 203.205.235.63 , China, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software nginx / Resource Hash 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3 Request headers Accept-Language de-DE,de;q=0.9 Referer https://ptlogin.hahabet5681.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers Content-Range 2 Date Fri, 17 Sep 2021 23:13:53 GMT Server nginx Connection keep-alive Content-Length 2
GET H2	200	qreport qdp.qidian.com/	2 B 86 B	1228ms 241ms	Image text/plain	124.156.189.2 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Show image Full URL https://qdp.qidian.com/qreport?path=pclog&ltype=P&url=https%3A%2F%2Fptlogin.hahabet5681.com%2F&ref=&sw=1600&sh=1200&x=&y=&title=QQ%E9%98%85%E8%AF%BB%E7%99%BB%E5%BD%95%E7%95%8C%E9%9D%A2%EF%BC%88PC%EF%BC%89&pid=qd_P_QQlogin&chan=10 Requested by Host: ptlogin.hahabet5681.com URL: https://ptlogin.hahabet5681.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 124.156.189.2 Central, Hong Kong, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://ptlogin.hahabet5681.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers content-range 2 date Fri, 17 Sep 2021 23:13:52 GMT cache-control no-cache server nginx content-length 2
GET H/1.1	200 OK	hm.gif hm.baidu.com/	43 B 299 B	382ms 382ms	Image image/gif	103.235.46.191 BAIDU Beijing Bai...
General Check archive.org Show headers Download Go to Show image Full URL https://hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1600x1200&vl=1200&et=0&ja=0&ln=en-us&lo=0&rnd=1599326563&si=ed4eb3fc10c4dc99f5a660a46734c6f2&v=1.2.85&lv=1&sn=33397&r=0&ww=1600&ct=!!&u=https%3A%2F%2Fptlogin.hahabet5681.com%2F&tt=hahaet%E5%AE%98%E7%BD%91%E9%A6%96%E9%A1%B5_hahabet%E7%99%BB%E5%BD%95%E7%BD%91%E5%9D%80%E5%8F%B0_%E5%A4%AE%E8%A7%86%E7%BD%91_%E6%89%8B%E6%9C%BA%E4%B8%8B%E8%BD%BD%E2%86%92 Requested by Host: ptlogin.hahabet5681.com URL: https://ptlogin.hahabet5681.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 103.235.46.191 , Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN), Reverse DNS Software apache / Resource Hash cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda Security Headers Name Value Strict-Transport-Security max-age=172800 X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://ptlogin.hahabet5681.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers Pragma no-cache Date Fri, 17 Sep 2021 23:13:52 GMT X-Content-Type-Options nosniff Server apache Strict-Transport-Security max-age=172800 Content-Type image/gif Cache-Control private, max-age=0, no-cache Content-Length 43

94 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| onbeforexrselect boolean| originAgentCluster object| _hmt object| Statistics object| LoginV1 function| jump function| rsa_encryption function| addStat function| topjump object| GPhoneArea function| OK function| $ function| jQuery number| dbits number| canary boolean| j_lm function| BigInteger function| nbi function| am1 function| am2 function| am3 number| BI_FP string| BI_RM object| BI_RC number| rr number| vv function| int2char function| intAt function| bnpCopyTo function| bnpFromInt function| nbv function| bnpFromString function| bnpClamp function| bnToString function| bnNegate function| bnAbs function| bnCompareTo function| nbits function| bnBitLength function| bnpDLShiftTo function| bnpDRShiftTo function| bnpLShiftTo function| bnpRShiftTo function| bnpSubTo function| bnpMultiplyTo function| bnpSquareTo function| bnpDivRemTo function| bnMod function| Classic function| cConvert function| cRevert function| cReduce function| cMulTo function| cSqrTo function| bnpInvDigit function| Montgomery function| montConvert function| montRevert function| montReduce function| montSqrTo function| montMulTo function| bnpIsEven function| bnpExp function| bnModPowInt function| Arcfour function| ARC4init function| ARC4next function| prng_newstate number| rng_psize undefined| rng_state object| rng_pool number| rng_pptr function| rng_seed_int function| rng_seed_time number| t undefined| z function| rng_get_byte function| rng_get_bytes function| SecureRandom function| parseBigInt function| linebrk function| byte2Hex function| pkcs1pad2 function| RSAKey function| RSASetPublic function| RSADoPublic function| RSAEncrypt object| Report object| Stat undefined| jQuery19106670167372272591_1631920430597 undefined| jQuery19106670167372272591_1631920430599 boolean| _bdhm_loaded_ed4eb3fc10c4dc99f5a660a46734c6f2 object| mini_tangram_log_4l9514

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.hm.baidu.com/	1970-01-25 20:29:45	Name: HMACCOUNT_BFESS Value: 68B515308EFA531B
			ptlogin.hahabet5681.com/	1969-12-31 23:59:59	Name: newstatisticSID Value: 1631920338_98955900
			ptlogin.hahabet5681.com/	1970-01-20 06:04:16	Name: newstatisticUUID Value: 1631920338_98955900
			.ptlogin.hahabet5681.com/	1970-01-20 06:04:16	Name: Hm_lvt_ed4eb3fc10c4dc99f5a660a46734c6f2 Value: 1631920432
			.ptlogin.hahabet5681.com/	1969-12-31 23:59:59	Name: Hm_lpvt_ed4eb3fc10c4dc99f5a660a46734c6f2 Value: 1631920432

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

hm.baidu.com
path.book.qq.com
ptlogin.hahabet5681.com
ptlogin.yuewen.com
qdp.qidian.com
qidian.gtimg.com
sp0.baidu.com
sta.gtimg.com
103.235.46.191
103.235.46.39
124.156.189.2
18.183.182.159
203.205.137.227
203.205.235.63
040898e9b067f210f0f47c9dcabc3aad80625f0e0058799e3a9141cee151ec3c
074e460500a2125f1e626b5a91af9c86b375ae39c85f327618aed399b4ec95f2
0cc88410330253bc530869efdb165869156392d1fddb3f0c7bbee3aef0d7d06a
0e2e460c3b998a6bc35fe1993742fbc4c9e61d7c72bafe430843eb7d97f23e08
416d6388b1314b26283c08b9298a0e4a68c3ad3576897727f71b59f3c25ad90c
54aea2cea53a99e3c76a5281f40302beec7e7aca51ef3aeab542a9cf22ae9131
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
7ccf9318d88ee0998114182ecfad45b50d759eaa39ce660dc654043794b67b0e
897f1ac206ee3050b11a819bc0e1b1d42495a5be28d492edd14a3a627f165e18
ba355fdd210f769d4681acd6e2c52b6576f9bdd50e6f183055aeabda4133e31b
c9124e16c48ebff14d8f710da537032c2a3e97e3589cb5c00a8892e03859ac0f
cbcfe88680ae5887ddae15c93086ecafeeb9c9d8262cf86e1275347ada8b11d5
ce277d0061f9d98710563ed48fea009ee663bb843984cefcf4c0315601dcef22
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f53bfbc81c71410047a6b35476ea7b22a3f6d16fac1178cb6fb45eb8479527ae
fbb2bb5d8f2bd9b18ed9cf8ee19875f240193edc688ecf1899d3232c22623fe1