urlscan.io logo urlscan.io
SecurityTrails logo

test-app.xmt.cn Open in urlscan Pro
120.27.195.178  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://test-app.xmt.cn/
Effective URL: http://test-app.xmt.cn/users/auth/page
Submission: On March 06 via api from US — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 9 HTTP transactions. The main IP is 120.27.195.178, located in Hangzhou, China and belongs to ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN. The main domain is test-app.xmt.cn.
This is the only time test-app.xmt.cn was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 9 120.27.195.178 37963 (ALIBABA-C...)
2 2607:f8b0:400... 15169 (GOOGLE)
9 2
Apex Domain
Subdomains		 Transfer
9 xmt.cn
test-app.xmt.cn
272 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 30
20 KB
9 2
Domain Requested by
9 test-app.xmt.cn 2 redirects test-app.xmt.cn
2 www.google-analytics.com test-app.xmt.cn
www.google-analytics.com
9 2

This site contains links to these domains. Also see Links.

Domain
www.mugeda.com
Subject Issuer Validity Valid
*.google-analytics.com
GTS CA 1C3		 2023-02-08 -
2023-05-03		 3 months crt.sh

This page contains 1 frames:

Primary Page: http://test-app.xmt.cn/users/auth/page
Frame ID: 1E3347C661B4D7ED22CF8097757C1A07
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

卡司令,微信贺卡,微信邀请卡,HTML5场景应用,微信营销神器

Page URL History Show full URLs

  1. http://test-app.xmt.cn/ HTTP 302
    http://test-app.xmt.cn/public/custom HTTP 302
    http://test-app.xmt.cn/users/auth/page Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Page Statistics

9
Requests

11 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

291 kB
Transfer

857 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://test-app.xmt.cn/ HTTP 302
    http://test-app.xmt.cn/public/custom HTTP 302
    http://test-app.xmt.cn/users/auth/page Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3
  • http://www.google-analytics.com/analytics.js HTTP 307
  • https://www.google-analytics.com/analytics.js

9 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request page
test-app.xmt.cn/users/auth/
Redirect Chain
  • http://test-app.xmt.cn/
  • http://test-app.xmt.cn/public/custom
  • http://test-app.xmt.cn/users/auth/page
10 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://test-app.xmt.cn/users/auth/page
Protocol
HTTP/1.1
Server
120.27.195.178 Hangzhou, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software
nginx / PHP/7.0.27-1+ubuntu14.04.1+deb.sury.org+1
Resource Hash
2c631d8a8a3477310041594d55a1905a3caf8434eb773f6397257bf1c44de522

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
http://card.mugeda.com
Cache-Control
max-age=604800
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html;charset=UTF-8
Date
Mon, 06 Mar 2023 08:17:29 GMT
Expires
Mon, 13 Mar 2023 08:17:29 GMT
Pragma
no-cache
Server
nginx
Transfer-Encoding
chunked
Vary
Origin
X-Powered-By
PHP/7.0.27-1+ubuntu14.04.1+deb.sury.org+1

Redirect headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
http://card.mugeda.com
Cache-Control
max-age=604800
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Date
Mon, 06 Mar 2023 08:17:29 GMT
Expires
Mon, 13 Mar 2023 08:17:29 GMT
Location
/users/auth/page
Pragma
no-cache
Server
nginx
Transfer-Encoding
chunked
Vary
Origin
X-Powered-By
PHP/7.0.27-1+ubuntu14.04.1+deb.sury.org+1
base.css
test-app.xmt.cn/server/js/src/dist/css/ 		183 KB
39 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://test-app.xmt.cn/server/js/src/dist/css/base.css
Requested by
Host: test-app.xmt.cn
URL: http://test-app.xmt.cn/users/auth/page
Protocol
HTTP/1.1
Server
120.27.195.178 Hangzhou, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software
nginx /
Resource Hash
b3badcc78dbb5c7b23dc8464d4767c9fb66cecb44bccdca2fb231aeba661f1b2

Request headers

accept-language
en-US,en;q=0.9
Referer
http://test-app.xmt.cn/users/auth/page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date
Mon, 06 Mar 2023 08:17:29 GMT
Content-Encoding
gzip
Last-Modified
Wed, 07 Feb 2018 08:50:26 GMT
Server
nginx
ETag
W/"5a7abdd2-2dc79"
Transfer-Encoding
chunked
Vary
Origin
Content-Type
text/css
Access-Control-Allow-Origin
http://card.mugeda.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
kasiling_logo.png
test-app.xmt.cn/server/image/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://test-app.xmt.cn/server/image/kasiling_logo.png
Requested by
Host: test-app.xmt.cn
URL: http://test-app.xmt.cn/users/auth/page
Protocol
HTTP/1.1
Server
120.27.195.178 Hangzhou, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software
nginx /
Resource Hash
c79da2c1e8b5b1a55057446f943db74ce303feea2b4986f9dd3330103ce4fdc4

Request headers

accept-language
en-US,en;q=0.9
Referer
http://test-app.xmt.cn/users/auth/page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date
Mon, 06 Mar 2023 08:17:29 GMT
Last-Modified
Wed, 07 Feb 2018 08:50:34 GMT
Server
nginx
ETag
"5a7abdda-13aa"
Vary
Origin
Content-Type
image/png
Access-Control-Allow-Origin
http://card.mugeda.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
5034
base.js
test-app.xmt.cn/server/js/src/dist/ 		590 KB
204 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://test-app.xmt.cn/server/js/src/dist/base.js?5b2de532af34609698dba8bac04a6faf
Requested by
Host: test-app.xmt.cn
URL: http://test-app.xmt.cn/users/auth/page
Protocol
HTTP/1.1
Server
120.27.195.178 Hangzhou, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software
nginx /
Resource Hash
6800ae1c0d565f23c754e3050bb73b611d1157a8c286b29ebfa814bda5ba736d

Request headers

accept-language
en-US,en;q=0.9
Referer
http://test-app.xmt.cn/users/auth/page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date
Mon, 06 Mar 2023 08:17:29 GMT
Content-Encoding
gzip
Last-Modified
Wed, 07 Feb 2018 08:50:26 GMT
Server
nginx
ETag
W/"5a7abdd2-93747"
Transfer-Encoding
chunked
Vary
Origin
Content-Type
application/x-javascript
Access-Control-Allow-Origin
http://card.mugeda.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
analytics.js
www.google-analytics.com/
Redirect Chain
  • http://www.google-analytics.com/analytics.js
  • https://www.google-analytics.com/analytics.js
49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: test-app.xmt.cn
URL: http://test-app.xmt.cn/users/auth/page
Protocol
H2
Server
2607:f8b0:4006:81c::200e Nutley, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
http://test-app.xmt.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 06 Mar 2023 06:41:43 GMT
last-modified
Tue, 10 Jan 2023 21:29:14 GMT
server
Golfe2
age
5747
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20085
expires
Mon, 06 Mar 2023 08:41:43 GMT

Redirect headers

Location
https://www.google-analytics.com/analytics.js
Non-Authoritative-Reason
HSTS
Cross-Origin-Resource-Policy
Cross-Origin
goodbye-kasiling.jpg
test-app.xmt.cn/server/image/ 		13 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://test-app.xmt.cn/server/image/goodbye-kasiling.jpg
Requested by
Host: test-app.xmt.cn
URL: http://test-app.xmt.cn/server/js/src/dist/css/base.css
Protocol
HTTP/1.1
Server
120.27.195.178 Hangzhou, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software
nginx /
Resource Hash
8eb8839c122e6e593b1970235da8a32b0f261fe124c4b1514f07f3b3486d2ec1

Request headers

accept-language
en-US,en;q=0.9
Referer
http://test-app.xmt.cn/server/js/src/dist/css/base.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date
Mon, 06 Mar 2023 08:17:30 GMT
Last-Modified
Wed, 07 Feb 2018 08:50:34 GMT
Server
nginx
ETag
"5a7abdda-3448"
Vary
Origin
Content-Type
image/jpeg
Access-Control-Allow-Origin
http://card.mugeda.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
13384
collect
www.google-analytics.com/j/ 		3 B
207 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j99&a=519856522&t=pageview&_s=1&dl=http%3A%2F%2Ftest-app.xmt.cn%2Fusers%2Fauth%2Fpage&ul=en-us&de=UTF-8&dt=%E5%8D%A1%E5%8F%B8%E4%BB%A4%EF%BC%8C%E5%BE%AE%E4%BF%A1%E8%B4%BA%E5%8D%A1%EF%BC%8C%E5%BE%AE%E4%BF%A1%E9%82%80%E8%AF%B7%E5%8D%A1%EF%BC%8CHTML5%E5%9C%BA%E6%99%AF%E5%BA%94%E7%94%A8%EF%BC%8C%E5%BE%AE%E4%BF%A1%E8%90%A5%E9%94%80%E7%A5%9E%E5%99%A8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=1146188074&gjid=868582866&cid=407143220.1678090651&tid=UA-38551434-1&_gid=1139040044.1678090651&_r=1&_slc=1&z=1982279738
Requested by
Host: www.google-analytics.com
URL: http://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::200e Nutley, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://test-app.xmt.cn/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 06 Mar 2023 08:17:30 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
http://test-app.xmt.cn
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3
expires
Fri, 01 Jan 1990 00:00:00 GMT
login.js
test-app.xmt.cn/server/js/src/dist/page/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://test-app.xmt.cn/server/js/src/dist/page/login.js?5b2de532af34609698dba8bac04a6faf
Requested by
Host: test-app.xmt.cn
URL: http://test-app.xmt.cn/server/js/src/dist/base.js?5b2de532af34609698dba8bac04a6faf
Protocol
HTTP/1.1
Server
120.27.195.178 Hangzhou, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software
nginx /
Resource Hash
13d065046555a08155580d5cc263fea943b84f8d95b824b67c63c38ecb48c269

Request headers

accept-language
en-US,en;q=0.9
Referer
http://test-app.xmt.cn/users/auth/page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date
Mon, 06 Mar 2023 08:17:31 GMT
Content-Encoding
gzip
Last-Modified
Wed, 07 Feb 2018 08:50:26 GMT
Server
nginx
ETag
W/"5a7abdd2-8f4"
Transfer-Encoding
chunked
Vary
Origin
Content-Type
application/x-javascript
Access-Control-Allow-Origin
http://card.mugeda.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
kasiling_logo_orange.png
test-app.xmt.cn/server/image/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://test-app.xmt.cn/server/image/kasiling_logo_orange.png
Requested by
Host: test-app.xmt.cn
URL: http://test-app.xmt.cn/users/auth/page
Protocol
HTTP/1.1
Server
120.27.195.178 Hangzhou, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software
nginx /
Resource Hash
97b36c1db8a37f0180d8f79c402433d587832e25b6ad959bf87b46286e07616a

Request headers

accept-language
en-US,en;q=0.9
Referer
http://test-app.xmt.cn/users/auth/page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date
Mon, 06 Mar 2023 08:17:31 GMT
Last-Modified
Wed, 07 Feb 2018 08:50:34 GMT
Server
nginx
ETag
"5a7abdda-130d"
Vary
Origin
Content-Type
image/png
Access-Control-Allow-Origin
http://card.mugeda.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
4877

Verdicts & Comments Add Verdict or Comment

32 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless string| LOGIN_URL string| REGISTER_URL string| LOGIN_CHECK_URL string| CUSTOM_URL string| GoogleAnalyticsObject function| ga object| google_tag_data object| gaplugins object| gaGlobal object| gaData function| QR8bitByte function| QRCode function| QRPolynomial function| QRRSBlock function| QRBitBuffer object| QRMode object| QRErrorCorrectLevel object| QRMaskPattern object| QRUtil object| QRMath function| template function| $ function| jQuery object| jQuery1111029430647314545255 function| Slider object| ColorPicker object| d3 object| nv function| moment object| seajs function| define

3 Cookies

Domain/Path Name / Value
.xmt.cn/ Name: _ga
Value: GA1.2.407143220.1678090651
.xmt.cn/ Name: _gid
Value: GA1.2.1139040044.1678090651
.xmt.cn/ Name: _gat
Value: 1