URL: https://qiyehao.huazhu.com/home?verifyCode=d45168aab94ff5498e35203666d9a514&fromChannel=HZHXCX
Submission: On July 01 via manual from HK — Scanned from DE

Summary

This website contacted 7 IPs in 2 countries across 2 domains to perform 19 HTTP transactions. The main IP is 120.133.230.38, located in China and belongs to CHINANET-SHANGHAI-MAN China Telecom Group, CN. The main domain is qiyehao.huazhu.com.
TLS certificate: Issued by GeoTrust CN RSA CA G1 on May 8th 2024. Valid for: a year.
This is the only time qiyehao.huazhu.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
5 120.133.230.38 4811 (CHINANET-...)
3 240e:95d:c02:... 4134 (CHINANET-...)
2 240b:4000:f20... 45102 (ALIBABA-C...)
1 59.82.132.217 37963 (ALIBABA-C...)
2 2402:4e00:143... 45090 (TENCENT-N...)
4 120.133.230.35 4811 (CHINANET-...)
19 7
Apex Domain / Subdomains | Transfer
14 huazhu.com | 396 KB
    qiyehao.huazhu.com
    campaign.huazhu.com
    res-pub.huazhu.com
    hweb-personalcenter.huazhu.com
    hud.huazhu.com
    snssdk.huazhu.com — Cisco Umbrella Rank: 882417
3 amap.com | 143 KB
    webapi.amap.com — Cisco Umbrella Rank: 67079
    restapi.amap.com — Cisco Umbrella Rank: 28269
19 2
Domain Requested by
4 snssdk.huazhu.com res-pub.huazhu.com
4 qiyehao.huazhu.com qiyehao.huazhu.com
2 hweb-personalcenter.huazhu.com qiyehao.huazhu.com
2 webapi.amap.com qiyehao.huazhu.com, webapi.amap.com
2 campaign.huazhu.com qiyehao.huazhu.com
1 hud.huazhu.com campaign.huazhu.com
1 res-pub.huazhu.com qiyehao.huazhu.com
1 restapi.amap.com webapi.amap.com
19 8

This site contains no links.

Subject | Issuer | Validity | Valid
*.huazhu.com | GeoTrust CN RSA CA G1 | 2024-05-08 - 2025-06-08 | a year
*.amap.com | GlobalSign Organization Validation CA - SHA256 - G3 | 2024-03-06 - 2025-04-07 | a year

This page contains 1 frames:

Primary Page: https://qiyehao.huazhu.com/home?verifyCode=d45168aab94ff5498e35203666d9a514&fromChannel=HZHXCX
Frame ID: 34719E41E4DE48D1039E4B2CB2D6BCFE
Requests: 16 HTTP requests in this frame

Page Title

加载中...

Page Statistics

19 Requests
89 % HTTPS
50 % IPv6
2 Domains
8 Subdomains
7 IPs
2 Countries
539 kB Transfer
1943 kB Size
7 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request home
qiyehao.huazhu.com/
2 KB
1 KB
Document
General
Full URL
https://qiyehao.huazhu.com/home?verifyCode=d45168aab94ff5498e35203666d9a514&fromChannel=HZHXCX
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
120.133.230.38 , China, ASN4811 (CHINANET-SHANGHAI-MAN China Telecom Group, CN),
Reverse DNS
Software
APISIX /
Resource Hash
7d881c380da8d491a31f95b86c916a5460adf797d140030a27f4c1b041080a69

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Cache-Control
no-cache, no-store
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=utf-8
Date
Mon, 01 Jul 2024 00:51:53 GMT
ETag
W/"66573a9b-6bc"
Keep-Alive
timeout=60
Last-Modified
Wed, 29 May 2024 14:24:27 GMT
Server
APISIX
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Request-Id
571b83bf-05a0-4f9d-8c9d-5c3141f82872
app.aafd41c.css
qiyehao.huazhu.com/css/
345 KB
53 KB
Stylesheet
General
Full URL
https://qiyehao.huazhu.com/css/app.aafd41c.css
Requested by
Host: qiyehao.huazhu.com
URL: https://qiyehao.huazhu.com/home?verifyCode=d45168aab94ff5498e35203666d9a514&fromChannel=HZHXCX
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
120.133.230.38 , China, ASN4811 (CHINANET-SHANGHAI-MAN China Telecom Group, CN),
Reverse DNS
Software
APISIX /
Resource Hash
a016e4885f7b5ad4f65ccdaa7f1fabe9a65dfb4e36f6b4f6cfbd21e6b6c52a43

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://qiyehao.huazhu.com/home?verifyCode=d45168aab94ff5498e35203666d9a514&fromChannel=HZHXCX
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date
Mon, 01 Jul 2024 00:51:54 GMT
Content-Encoding
gzip
Last-Modified
Wed, 29 May 2024 14:24:27 GMT
Server
APISIX
ETag
W/"66573a9b-5649b"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
no-cache, no-store
Connection
keep-alive
Keep-Alive
timeout=60
X-Request-Id
91fad35b-5aea-46db-93e4-7e3c9d8ac8df
index.js
campaign.huazhu.com/cdn/libs/jssdk/
1 KB
1 KB
Script
General
Full URL
https://campaign.huazhu.com/cdn/libs/jssdk/index.js
Requested by
Host: qiyehao.huazhu.com
URL: https://qiyehao.huazhu.com/home?verifyCode=d45168aab94ff5498e35203666d9a514&fromChannel=HZHXCX
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
240e:95d:c02:13:8000:0:d00:15 , China, ASN4134 (CHINANET-BACKBONE No.31,Jin-rong Street, CN),
Reverse DNS
Software
volc-dcdn /
Resource Hash
c8896682ee03ce23287fbb155db62237891e589554bdfb7721207e44b4823fd3

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://qiyehao.huazhu.com/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Mon, 01 Jul 2024 00:51:54 GMT
via
n157-088-151.njmp.ToB,n61-184-011-004.bdcdn-hbxyct04.ToB
content-encoding
br
x-bdsa-cache-status
HIT
x-tt-trace-tag
id=5
x-cos-request-id
NjRkYjNmY2RfZjVmMGY0MDlfZTkyXzUxZTY3NzY=
cache-via-status
cache.n157-088-154.njmp(HIT),cache.n61-184-011-006.bdcdn-hbxyct04(HIT)
x-dsa-trace-id
1719795114addfa654351b01fa61e9824271845bcd
x-cos-version-id
null
server-timing
cdn-cache;desc=HIT, origin;dur=0, edge;dur=3, cdn-cache;desc=HIT
x-dsa-origin-status
200
x-cos-hash-crc64ecma
9432010023651767991
last-modified
Thu, 15 Sep 2022 02:34:01 GMT
server
volc-dcdn
x-bdsa-cache-tm
1715308542-27049428
etag
W/"8b394a82b6f053a5fee4fa667991c4ca"
vary
Accept-Encoding
cache-via
cache.n157-088-154.njmp,cache.n61-184-011-006.bdcdn-hbxyct04
content-type
application/javascript
x-request-ip
2001:1b60:1010:2:1011:3d75:184d:79ab
cache-control
max-age=31536000
maps
webapi.amap.com/
342 KB
112 KB
Script
General
Full URL
https://webapi.amap.com/maps?v=1.4.15&key=770e41bb8fd6e36357fae35dc531fbe7
Requested by
Host: qiyehao.huazhu.com
URL: https://qiyehao.huazhu.com/home?verifyCode=d45168aab94ff5498e35203666d9a514&fromChannel=HZHXCX
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
240b:4000:f20::239 , Singapore, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),
Reverse DNS
Software
Tengine /
Resource Hash
08d73f9feea3272dcb02c72b65339b038689f864f6bfc2996a6c76f63e8870b3
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://qiyehao.huazhu.com/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Mon, 01 Jul 2024 00:51:54 GMT
content-encoding
gzip
strict-transport-security
max-age=0
s-brt
21
x-readtime
2
ups-target-key
webapi.vs.amap.com
server
Tengine
x-protocol
HTTP/2.0
etag
W/f28422e54ea91dffe3b9b1a2ba4a75cd
vary
Accept-Encoding
access-control-allow-methods
*
content-type
application/javascript;charset=utf-8
access-control-allow-origin
*
x-server-id
72446e765a0ee479614554419edfe3ecf8e28af5064da114559d4bbc8767651c730a6faa850f76d4
cache-control
max-age=0
access-control-allow-headers
*
eagleeye-traceid
2140c77617197951146117760e0ec5
app.aafd41c.js
qiyehao.huazhu.com/js/
980 KB
289 KB
Script
General
Full URL
https://qiyehao.huazhu.com/js/app.aafd41c.js
Requested by
Host: qiyehao.huazhu.com
URL: https://qiyehao.huazhu.com/home?verifyCode=d45168aab94ff5498e35203666d9a514&fromChannel=HZHXCX
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
120.133.230.38 , China, ASN4811 (CHINANET-SHANGHAI-MAN China Telecom Group, CN),
Reverse DNS
Software
APISIX /
Resource Hash
62b06e73b55c3f82c81dac66b0ff9f5e11f650f7006ee75a32c94a0d692547c9

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://qiyehao.huazhu.com/home?verifyCode=d45168aab94ff5498e35203666d9a514&fromChannel=HZHXCX
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date
Mon, 01 Jul 2024 00:51:55 GMT
Content-Encoding
gzip
Last-Modified
Wed, 29 May 2024 14:24:27 GMT
Server
APISIX
ETag
W/"66573a9b-f50ae"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Cache-Control
no-cache, no-store
Connection
keep-alive
Keep-Alive
timeout=60
X-Request-Id
0b49634a-b032-4a59-bbad-50c8a86faf08
modules
webapi.amap.com/maps/
83 KB
30 KB
Script
General
Full URL
https://webapi.amap.com/maps/modules?v=1.4.27&key=770e41bb8fd6e36357fae35dc531fbe7&vrs=1718085179880&m=vectorlayer,overlay,cgl,sync
Requested by
Host: webapi.amap.com
URL: https://webapi.amap.com/maps?v=1.4.15&key=770e41bb8fd6e36357fae35dc531fbe7
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
240b:4000:f20::239 , Singapore, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),
Reverse DNS
Software
Tengine /
Resource Hash
0e78dc628bb2f3b774e861670baec00d300375358813ab7b0b6966d7cec674c0
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Referer
https://qiyehao.huazhu.com/
Origin
https://qiyehao.huazhu.com
Accept-Language
de-DE,de;q=0.9;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Mon, 01 Jul 2024 00:51:57 GMT
content-encoding
gzip
strict-transport-security
max-age=0
s-brt
3
x-readtime
1
ups-target-key
webapi.vs.amap.com
content-length
30555
server
Tengine
x-protocol
HTTP/2.0
etag
W/d62b4ee0fd73ad3c631d93895fc40282
access-control-allow-methods
*
content-type
application/javascript;charset=utf-8
access-control-allow-origin
*
x-server-id
72446e765a0ee479614554419edfe3ecf8e28af5064da114435127df6cb39499730a6faa850f76d4
cache-control
max-age=0
accept-ranges
bytes
access-control-allow-headers
*
eagleeye-traceid
2101768717197951175452228e1173
init
restapi.amap.com/v3/log/
78 B
615 B
Script
General
Full URL
https://restapi.amap.com/v3/log/init?s=rsv3&product=JsInit&key=770e41bb8fd6e36357fae35dc531fbe7&t=1719795117905&resolution=1600*1200&mob=1&vt=1&dpr=1&scale=1&detect=false&jscode=3e6e91fc80f13552bb7d916ac01f447a&callback=jsonp_706161_&platform=JS&logversion=2.0&appname=https%3A%2F%2Fqiyehao.huazhu.com%2Fhome&csid=7E9F0D73-1543-4F7C-B47F-23C5654787CF&sdkversion=1.4.27
Requested by
Host: webapi.amap.com
URL: https://webapi.amap.com/maps?v=1.4.15&key=770e41bb8fd6e36357fae35dc531fbe7
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
59.82.132.217 , China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software
Tengine /
Resource Hash
1f7045b23eae3e8cc97c3045fc26cfe6306e2978e3e832ef9b9a57972bc339ce

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://qiyehao.huazhu.com/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date
Mon, 01 Jul 2024 00:51:59 GMT
Content-Encoding
gzip
sc
0.003
Server
Tengine
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/octet-stream
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
*
Connection
close
gsid
033049029028171979511944800069010845798
Access-Control-Allow-Headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,key,x-biz,x-info,platinfo,encr,enginever,gzipped,poiid
dae0ccbe-9ae2-4850-9adb-1c2f8d34e145
https://qiyehao.huazhu.com/
7 KB
0
Other
General
Full URL
blob:https://qiyehao.huazhu.com/dae0ccbe-9ae2-4850-9adb-1c2f8d34e145
Requested by
Host: qiyehao.huazhu.com
URL: https://qiyehao.huazhu.com/home?verifyCode=d45168aab94ff5498e35203666d9a514&fromChannel=HZHXCX
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3510bdfa7c0b5ba1e40bd3ef50efb2a98bc1e0df75118429bd21983842243f87

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Length
7095
Content-Type
text/javascript; charset=utf-8
396fbb48-92b9-4843-9a42-49ae0d4ab7bf
https://qiyehao.huazhu.com/
7 KB
0
Other
General
Full URL
blob:https://qiyehao.huazhu.com/396fbb48-92b9-4843-9a42-49ae0d4ab7bf
Requested by
Host: qiyehao.huazhu.com
URL: https://qiyehao.huazhu.com/home?verifyCode=d45168aab94ff5498e35203666d9a514&fromChannel=HZHXCX
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5407f73c22b6c7e76deb95528565a29ff27334e09183807216262ec13d492469

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Length
7095
Content-Type
text/javascript; charset=utf-8
index.js
campaign.huazhu.com/cdn/libs/hud/
21 KB
7 KB
Script
General
Full URL
https://campaign.huazhu.com/cdn/libs/hud/index.js
Requested by
Host: qiyehao.huazhu.com
URL: https://qiyehao.huazhu.com/js/app.aafd41c.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
240e:95d:c02:13:8000:0:d00:15 , China, ASN4134 (CHINANET-BACKBONE No.31,Jin-rong Street, CN),
Reverse DNS
Software
volc-dcdn /
Resource Hash
14ef640b0276456b18c08c506ade30aff400a867281a4cbbee22649c71ab57db

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://qiyehao.huazhu.com/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Mon, 01 Jul 2024 00:51:58 GMT
via
n157-088-151.njmp.ToB,n61-184-011-004.bdcdn-hbxyct04.ToB
content-encoding
br
x-bdsa-cache-status
HIT
x-tt-trace-tag
id=5
x-cos-request-id
NjU1ZTFiMDNfYzkzNjE2MGJfMTIyNjBfN2QyYjc4MQ==
cache-via-status
cache.n157-073-026.njmp(HIT),cache.n61-184-011-006.bdcdn-hbxyct04(HIT)
x-dsa-trace-id
171979511861d684f494d24ac5b4afae40dd3f802f
x-cos-version-id
MTg0NDUwNDM0MDc3NzE4MDE0OTU
server-timing
cdn-cache;desc=HIT, origin;dur=0, edge;dur=0, cdn-cache;desc=HIT
x-dsa-origin-status
200
x-cos-hash-crc64ecma
4614566363519507978
last-modified
Wed, 22 Nov 2023 15:12:17 GMT
server
volc-dcdn
x-bdsa-cache-tm
1717242577-28983459
etag
W/"82da0f08e821443ea2404cb4e292c651"
vary
Accept-Encoding
cache-via
cache.n157-073-026.njmp,cache.n61-184-011-006.bdcdn-hbxyct04
content-type
application/javascript
x-request-ip
2001:1b60:1010:2:1011:3d75:184d:79ab
cache-control
max-age=31536000
collect-rangers.js
res-pub.huazhu.com/hud/
138 KB
36 KB
Script
General
Full URL
https://res-pub.huazhu.com/hud/collect-rangers.js
Requested by
Host: qiyehao.huazhu.com
URL: https://qiyehao.huazhu.com/js/app.aafd41c.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
240e:95d:c02:13:8000:0:d00:15 , China, ASN4134 (CHINANET-BACKBONE No.31,Jin-rong Street, CN),
Reverse DNS
Software
volc-dcdn /
Resource Hash
32b566505647b0aa3936a894662140115d574b64f5d9d4a56a0e06188e3ab371

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://qiyehao.huazhu.com/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Mon, 01 Jul 2024 00:51:58 GMT
via
n157-088-151.njmp.ToB,n61-184-011-004.bdcdn-hbxyct04.ToB
content-encoding
gzip
x-bdsa-cache-status
HIT
x-tt-trace-tag
id=5
x-cos-request-id
NjY0MzE4OTVfYzVhYzY4NjRfYTIxZl9lOTAzZmRk
cache-via-status
cache.n157-088-152.njmp(HIT),cache.n61-184-011-006.bdcdn-hbxyct04(HIT)
x-dsa-trace-id
1719795118198d6020bb7e8cbc92b573405e3f9c87
server-timing
cdn-cache;desc=HIT, origin;dur=0, edge;dur=3, cdn-cache;desc=HIT
x-bd-follow-redirect
1
x-dsa-origin-status
200
x-cos-hash-crc64ecma
10934112943855501959
last-modified
Fri, 08 Dec 2023 02:32:09 GMT
server
volc-dcdn
x-bdsa-cache-tm
1716430801-28171683
etag
W/"344ff51cf2759b86ac1cb426d2117bd1"
vary
Accept-Encoding
cache-via
cache.n61-184-011-006.bdcdn-hbxyct04
content-type
application/javascript
access-control-allow-origin
*
x-request-ip
2001:1b60:1010:2:1011:3d75:184d:79ab
getBriefInfo
hweb-personalcenter.huazhu.com/personalCenter/memberInfo/
134 B
1 KB
XHR
General
Full URL
https://hweb-personalcenter.huazhu.com/personalCenter/memberInfo/getBriefInfo
Requested by
Host: qiyehao.huazhu.com
URL: https://qiyehao.huazhu.com/js/app.aafd41c.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
2402:4e00:1430:216:0:9996:82f0:45d3 , China, ASN45090 (TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited, CN),
Reverse DNS
Software
/
Resource Hash
3e3f59bbbe10116fa7428fe92a7d7bff8faf3e6d7f6e5922325c5759a04faa8d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Client-Platform
WEB-APP
Referer
https://qiyehao.huazhu.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date
Mon, 01 Jul 2024 00:52:01 GMT
XDomainRequestAllowed
1
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
keep-alive
X-XSS-Protection
1; mode=block
X-Request-Id
c49a0cc2-55ad-4104-97d4-a102e5302e64
Pragma
no-cache
X-Frame-Options
DENY
Access-Control-Allow-Methods
POST, GET, OPTIONS
Content-Type
application/json;charset=UTF-8
Access-Control-Allow-Origin
https://qiyehao.huazhu.com
Access-Control-Expose-Headers
Date,sk,userToken,language,devNo,clientPlatform,deviceFingerprinting,needRisk,pageId,ver
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
Content-Type,token,authorization,Cookie,x-requested-with,Client-Platform,User-Token,language,devNo,clientPlatform,deviceFingerprinting,needRisk,pageId,ver
Expires
0
getBriefInfo
hweb-personalcenter.huazhu.com/personalCenter/memberInfo/
0
0
Preflight
General
Full URL
https://hweb-personalcenter.huazhu.com/personalCenter/memberInfo/getBriefInfo
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
2402:4e00:1430:216:0:9996:82f0:45d3 , China, ASN45090 (TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited, CN),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
client-platform
Access-Control-Request-Method
GET
Origin
https://qiyehao.huazhu.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
Content-Type,token,authorization,Cookie,x-requested-with,Client-Platform,User-Token,language,devNo,clientPlatform,deviceFingerprinting,needRisk,pageId,ver
Access-Control-Allow-Methods
POST, GET, OPTIONS
Access-Control-Allow-Origin
https://qiyehao.huazhu.com
Access-Control-Expose-Headers
Date,sk,userToken,language,devNo,clientPlatform,deviceFingerprinting,needRisk,pageId,ver
Access-Control-Max-Age
1728000
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Connection
keep-alive
Date
Mon, 01 Jul 2024 00:52:00 GMT
Expires
0
Pragma
no-cache
X-Content-Type-Options
nosniff
X-Frame-Options
DENY
X-Request-Id
155fe7f7-8e3e-4f8c-821c-c6372f3d62c8
X-XSS-Protection
1; mode=block
XDomainRequestAllowed
1
switch.gif
hud.huazhu.com/web/
66 B
613 B
XHR
General
Full URL
https://hud.huazhu.com/web/switch.gif?appid=300001
Requested by
Host: campaign.huazhu.com
URL: https://campaign.huazhu.com/cdn/libs/hud/index.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
120.133.230.38 , China, ASN4811 (CHINANET-SHANGHAI-MAN China Telecom Group, CN),
Reverse DNS
Software
APISIX /
Resource Hash
6c0864c770f01f2d3cb61f4e5e27661797e7e184d12ab8c55e3171625b964f1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://qiyehao.huazhu.com/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date
Mon, 01 Jul 2024 00:51:59 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
66
X-XSS-Protection
1; mode=block
X-Request-Id
100599e8-54a4-4a66-9922-5bbcc7e33347
Pragma
no-cache
Server
APISIX
X-Frame-Options
DENY
Access-Control-Allow-Methods
POST, GET, OPTIONS
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Headers
x-requested-with,content-Type
Keep-Alive
timeout=60
Expires
0
webid
snssdk.huazhu.com/
0
0
Preflight
General
Full URL
https://snssdk.huazhu.com/webid
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
120.133.230.35 , China, ASN4811 (CHINANET-SHANGHAI-MAN China Telecom Group, CN),
Reverse DNS
Software
APISIX /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://qiyehao.huazhu.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Access-Control-Allow-Headers
Origin,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,Accept,content-type,x-tracing-id,Content-Length,Host
Access-Control-Allow-Methods
GET, OPTIONS, HEAD, PUT, POST
Access-Control-Allow-Origin
*
Connection
keep-alive
Content-Length
0
Cross-Origin-Resource-Policy
cross-origin
Date
Mon, 01 Jul 2024 00:51:59 GMT
Keep-Alive
timeout=60
Server
APISIX
Upstream-Caught
1719795119508150
X-M-Request-Start
t=1719795119.508
X-Tt-Logid
2024070108515901004200409493930
webid
snssdk.huazhu.com/
38 B
757 B
XHR
General
Full URL
https://snssdk.huazhu.com/webid
Requested by
Host: res-pub.huazhu.com
URL: https://res-pub.huazhu.com/hud/collect-rangers.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
120.133.230.35 , China, ASN4811 (CHINANET-SHANGHAI-MAN China Telecom Group, CN),
Reverse DNS
Software
APISIX /
Resource Hash
85f4244b3423c013987e5ab793b3588b7787a016c0b44eb0793b5bc631cc1842

Request headers

Referer
https://qiyehao.huazhu.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Content-Type
application/json; charset=UTF-8

Response headers

Date
Mon, 01 Jul 2024 00:52:00 GMT
Content-Encoding
br
Upstream-Caught
1719795120413883
Server
APISIX
X-Tt-Logid
2024070108520001004200112434963
Transfer-Encoding
chunked
Access-Control-Allow-Methods
GET, OPTIONS, HEAD, PUT, POST
Content-Type
application/json; charset=utf-8
Vary
Accept-Encoding
Access-Control-Allow-Origin
*
X-M-Request-Start
t=1719795120.420
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Keep-Alive
timeout=60
Access-Control-Allow-Headers
Origin,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,Accept,content-type,x-tracing-id,Content-Length,Host
favicon.ico
qiyehao.huazhu.com/
17 KB
4 KB
Other
General
Full URL
https://qiyehao.huazhu.com/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
120.133.230.38 , China, ASN4811 (CHINANET-SHANGHAI-MAN China Telecom Group, CN),
Reverse DNS
Software
APISIX /
Resource Hash
775adbf3523ea92b05f039c2c9f5d5a462e466b6895d614d3218976231caeaac

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://qiyehao.huazhu.com/home?verifyCode=d45168aab94ff5498e35203666d9a514&fromChannel=HZHXCX
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date
Mon, 01 Jul 2024 00:52:01 GMT
Content-Encoding
gzip
Last-Modified
Wed, 29 May 2024 14:24:27 GMT
Server
APISIX
ETag
W/"66573a9b-423e"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
image/x-icon
Cache-Control
no-cache, no-store
Connection
keep-alive
Keep-Alive
timeout=60
X-Request-Id
44af7be3-96d3-4ab3-bfc3-d0bdceaec9f8
list
snssdk.huazhu.com/
0
0
Preflight
General
Full URL
https://snssdk.huazhu.com/list
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
120.133.230.35 , China, ASN4811 (CHINANET-SHANGHAI-MAN China Telecom Group, CN),
Reverse DNS
Software
APISIX /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://qiyehao.huazhu.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Access-Control-Allow-Headers
Origin,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,Accept,content-type,x-tracing-id,Content-Length,Host
Access-Control-Allow-Methods
GET, OPTIONS, HEAD, PUT, POST
Access-Control-Allow-Origin
*
Connection
keep-alive
Content-Length
0
Cross-Origin-Resource-Policy
cross-origin
Date
Mon, 01 Jul 2024 00:52:00 GMT
Keep-Alive
timeout=60
Server
APISIX
Upstream-Caught
1719795120673357
X-M-Request-Start
t=1719795120.673
X-Tt-Logid
2024070108520001004200510926899
list
snssdk.huazhu.com/
95 B
796 B
XHR
General
Full URL
https://snssdk.huazhu.com/list
Requested by
Host: res-pub.huazhu.com
URL: https://res-pub.huazhu.com/hud/collect-rangers.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
120.133.230.35 , China, ASN4811 (CHINANET-SHANGHAI-MAN China Telecom Group, CN),
Reverse DNS
Software
APISIX /
Resource Hash
768900892080fd23c9e06e4f3fe5b1b18eb56418be8f991f5f041f14351f7f28

Request headers

Referer
https://qiyehao.huazhu.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Content-Type
application/json; charset=UTF-8

Response headers

Date
Mon, 01 Jul 2024 00:52:00 GMT
Content-Encoding
br
Upstream-Caught
1719795120921045
Server
APISIX
X-Tt-Logid
2024070108520001004200409419236
Transfer-Encoding
chunked
Access-Control-Allow-Methods
GET, OPTIONS, HEAD, PUT, POST
Content-Type
application/json; charset=utf-8
Vary
Accept-Encoding
Access-Control-Allow-Origin
*
X-M-Request-Start
t=1719795120.921
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Keep-Alive
timeout=60
Access-Control-Allow-Headers
Origin,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,Accept,content-type,x-tracing-id,Content-Length,Host

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
undefined | event
object | fence
object | sharedStorage
object | _AMapSecurityConfig
object | AMap
function | _jsload_
function | _cssload_
object | jsonp_706161_
object | webpackChunkqiyehao_h5
object | __core-js_shared__
function | share
string | TeaAnalyticsObject
function | collectEvent
object | hua
boolean | __parseUrlQuery_searchHasDecode
object | hud
object | hud_
object | LogPluginObject

7 Cookies

Domain/Path Name / Value
.huazhu.com/ Name: _hudVID
Value: f0f928b5-4b56-7762-2f36-9ee826a63b1c
.huazhu.com/ Name: _hudPVID
Value: 2
.huazhu.com/ Name: _hudSID_TS
Value: 1719795118265
.huazhu.com/ Name: _hudSID
Value: 1719795118265_1
.huazhu.com/ Name: _hudSource
Value:
.huazhu.com/ Name: __tea_cache_tokens_10000020
Value: {%22web_id%22:%227386463796220406272%22%2C%22user_unique_id%22:%227386463796220406272%22%2C%22timestamp%22:1719795120513%2C%22_type_%22:%22default%22}
hweb-personalcenter.huazhu.com/ Name: tgw_l7_route
Value: 618c99acd2da0c41e765247269b4fce2

3 Console Messages

Source Level URL
Text
javascript warning URL: https://webapi.amap.com/maps?v=1.4.15&key=770e41bb8fd6e36357fae35dc531fbe7(Line 620)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://webapi.amap.com/maps/modules?v=1.4.27&key=770e41bb8fd6e36357fae35dc531fbe7&vrs=1718085179880&m=vectorlayer,overlay,cgl,sync, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://webapi.amap.com/maps?v=1.4.15&key=770e41bb8fd6e36357fae35dc531fbe7(Line 620)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://webapi.amap.com/maps/modules?v=1.4.27&key=770e41bb8fd6e36357fae35dc531fbe7&vrs=1718085179880&m=vectorlayer,overlay,cgl,sync, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network error URL: https://hweb-personalcenter.huazhu.com/personalCenter/memberInfo/getBriefInfo
Message:
Failed to load resource: the server responded with a status of 401 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
