thingsiolk.airmessage.cn Open in urlscan Pro
119.254.62.252 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://thingsiolk.airmessage.cn/t/jn0v2riqgsj-9lnrn8-4mv3n-wb-zh-f47w5dct.html
Effective URL:
https://thingsiolk.airmessage.cn/t/jn0v2riqgsj-9lnrn8-4mv3n-wb-zh-f47w5dct.html
Submission: On July 29 via api (July 29th 2024, 8:56:55 am UTC) from BE — Scanned from DE

Summary HTTP 6 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 6 HTTP transactions. The main IP is 119.254.62.252, located in China and belongs to CNIX-AP China Networks Inter-Exchange, CN. The main domain is thingsiolk.airmessage.cn.
TLS certificate: Issued by Xcc Trust DV SSL CA on January 22nd 2024. Valid for: a year.

This is the only time thingsiolk.airmessage.cn was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	119.254.62.252 119.254.62.252	4847 (CNIX-AP C...) (CNIX-AP China Networks Inter-Exchange)
4	119.254.65.34 119.254.65.34	4847 (CNIX-AP C...) (CNIX-AP China Networks Inter-Exchange)
6	2

2 119.254.62.252 (China)

ASN4847 (CNIX-AP China Networks Inter-Exchange, CN)
PTR: sn62mta252.uedm.net

thingsiolk.airmessage.cn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 119.254.65.34 (China)

ASN4847 (CNIX-AP China Networks Inter-Exchange, CN)
PTR: unimarketing.org

xp.unimarketing.cn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	unimarketing.cn xp.unimarketing.cn	2 MB
2	airmessage.cn thingsiolk.airmessage.cn	9 KB
6	2

	Domain	Requested by
4	xp.unimarketing.cn	thingsiolk.airmessage.cn
2	thingsiolk.airmessage.cn
6	2

This site contains links to these domains. Also see Links.

Domain
xp.unimarketing.cn

Subject Issuer	Validity	Valid
*.airmessage.cn Xcc Trust DV SSL CA	`2024-01-22` - `2025-01-21`	a year	crt.sh
xp.unimarketing.cn Encryption Everywhere DV TLS CA - G1	`2023-01-16` - `2024-01-15`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://thingsiolk.airmessage.cn/t/jn0v2riqgsj-9lnrn8-4mv3n-wb-zh-f47w5dct.html
Frame ID: 6869761A8021B960926495BB1CFB166C
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Document

Page URL History Show full URLs

http://thingsiolk.airmessage.cn/t/jn0v2riqgsj-9lnrn8-4mv3n-wb-zh-f47w5dct.html HTTP 307
https://thingsiolk.airmessage.cn/t/jn0v2riqgsj-9lnrn8-4mv3n-wb-zh-f47w5dct.html Page URL

Page Statistics

6
Requests

33 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

1755 kB
Transfer

1753 kB
Size

1
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: http://xp.unimarketing.cn/t/t/jn0v2riqgsj-9lnrn8-4mv3n-wb-zh-f47w5dct.html
Title: web version

Search URL Search Domain Scan URL

URL: https://xp.unimarketing.cn/t/t/jn0v2riqgsj-9lnrn8-4mv3n-8qd4u-xo98r9oi.html?url=aHR0cHM6Ly93d3cub25lc3VucHYuY29t
Title: https://www.onesunpv.com

Search URL Search Domain Scan URL

URL: https://xp.unimarketing.cn/t/t/jn0v2riqgsj-9lnrn8-4mv3n-8qd4v-hzv1si3g.html?url=aHR0cHM6Ly93d3cueW91dHViZS5jb20vQE9ORVNVTkZhY3Rvcnk
Title: https://www.youtube.com/@ONESUNFactory

Search URL Search Domain Scan URL

URL: http://xp.unimarketing.cn/t/t/jn0v2riqgsj-9lnrn8-4mv3n-280g-unsubscribe-zh-vtqyrs1y.html
Title: unsubscribe here

Search URL Search Domain Scan URL

URL: http://xp.unimarketing.cn/t/t/jn0v2riqgsj-9lnrn8-4mv3n-abuse-zh-cfxyv9wa.html
Title: 投诉

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://thingsiolk.airmessage.cn/t/jn0v2riqgsj-9lnrn8-4mv3n-wb-zh-f47w5dct.html HTTP 307
https://thingsiolk.airmessage.cn/t/jn0v2riqgsj-9lnrn8-4mv3n-wb-zh-f47w5dct.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request jn0v2riqgsj-9lnrn8-4mv3n-wb-zh-f47w5dct.html Show response thingsiolk.airmessage.cn/t/ Redirect Chain http://thingsiolk.airmessage.cn/t/jn0v2riqgsj-9lnrn8-4mv3n-wb-zh-f47w5dct.html https://thingsiolk.airmessage.cn/t/jn0v2riqgsj-9lnrn8-4mv3n-wb-zh-f47w5dct.html	7 KB 7 KB	1261ms 426ms	Document text/html	119.254.62.252 CNIX-AP China Net...
General Check archive.org Show headers Download Go to Full URL https://thingsiolk.airmessage.cn/t/jn0v2riqgsj-9lnrn8-4mv3n-wb-zh-f47w5dct.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 119.254.62.252 , China, ASN4847 (CNIX-AP China Networks Inter-Exchange, CN), Reverse DNS sn62mta252.uedm.net Software nginx/1.20.1 / Servlet 2.4; JBoss-4.2.1.GA (build: SVNTag=JBoss_4_2_1_GA date=200707131605)/Tomcat-5.5 Resource Hash `c116c50941cecd8f6860071e976c177d540e090e4acad4bfd8fa79ba76351d38` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Connection keep-alive Content-Length 7022 Content-Type text/html;charset=UTF-8 Date Mon, 29 Jul 2024 08:56:47 GMT Server nginx/1.20.1 X-Powered-By Servlet 2.4; JBoss-4.2.1.GA (build: SVNTag=JBoss_4_2_1_GA date=200707131605)/Tomcat-5.5 Redirect headers Location https://thingsiolk.airmessage.cn/t/jn0v2riqgsj-9lnrn8-4mv3n-wb-zh-f47w5dct.html Non-Authoritative-Reason HttpsUpgrades
GET H/1.1	200 OK	3439447.jpg xp.unimarketing.cn/files/12178/f/	394 KB 395 KB	1004ms 286ms	Image image/jpeg	119.254.65.34 CNIX-AP China Net...
General Check archive.org Show headers Download Go to Show image Full URL https://xp.unimarketing.cn/files/12178/f/3439447.jpg Requested by Host: thingsiolk.airmessage.cn URL: https://thingsiolk.airmessage.cn/t/jn0v2riqgsj-9lnrn8-4mv3n-wb-zh-f47w5dct.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 119.254.65.34 , China, ASN4847 (CNIX-AP China Networks Inter-Exchange, CN), Reverse DNS unimarketing.org Software nginx/1.20.1 / Resource Hash `83c6cbf4e275d48475018e652c34891dc1d55c31f9d2074d688d8e3b92028ce9` Request headers Referer https://thingsiolk.airmessage.cn/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Mon, 29 Jul 2024 08:56:48 GMT Last-Modified Tue, 09 Jul 2024 06:37:28 GMT Server nginx/1.20.1 ETag "668cdaa8-629ee" Content-Type image/jpeg Connection keep-alive Accept-Ranges bytes Content-Length 403950
GET H/1.1	200 OK	3439572.jpg xp.unimarketing.cn/files/12178/f/	341 KB 341 KB	1198ms 299ms	Image image/jpeg	119.254.65.34 CNIX-AP China Net...
General Check archive.org Show headers Download Go to Show image Full URL https://xp.unimarketing.cn/files/12178/f/3439572.jpg Requested by Host: thingsiolk.airmessage.cn URL: https://thingsiolk.airmessage.cn/t/jn0v2riqgsj-9lnrn8-4mv3n-wb-zh-f47w5dct.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 119.254.65.34 , China, ASN4847 (CNIX-AP China Networks Inter-Exchange, CN), Reverse DNS unimarketing.org Software nginx/1.20.1 / Resource Hash `5cc3da43322a7d1254c030052604fb1945c271c45c00efcaebc01e686efff596` Request headers Referer https://thingsiolk.airmessage.cn/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Mon, 29 Jul 2024 08:56:48 GMT Last-Modified Wed, 10 Jul 2024 06:11:21 GMT Server nginx/1.20.1 ETag "668e2609-55303" Content-Type image/jpeg Connection keep-alive Accept-Ranges bytes Content-Length 348931
GET H/1.1	200 OK	3439747.png xp.unimarketing.cn/files/12178/f/	1010 KB 1010 KB	996ms 298ms	Image image/png	119.254.65.34 CNIX-AP China Net...
General Check archive.org Show headers Download Go to Show image Full URL https://xp.unimarketing.cn/files/12178/f/3439747.png Requested by Host: thingsiolk.airmessage.cn URL: https://thingsiolk.airmessage.cn/t/jn0v2riqgsj-9lnrn8-4mv3n-wb-zh-f47w5dct.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 119.254.65.34 , China, ASN4847 (CNIX-AP China Networks Inter-Exchange, CN), Reverse DNS unimarketing.org Software nginx/1.20.1 / Resource Hash `82969f796e25a772ca80fbd58a6cdd7b1ee690c92c7fd85372cc9e5b269a519c` Request headers Referer https://thingsiolk.airmessage.cn/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Mon, 29 Jul 2024 08:56:48 GMT Last-Modified Fri, 12 Jul 2024 01:22:54 GMT Server nginx/1.20.1 ETag "6690856e-fc636" Content-Type image/png Connection keep-alive Accept-Ranges bytes Content-Length 1033782
GET H/1.1	200 OK	jn0v2riqgsj-9lnrn8-4mv3n-h8r6shfy.gif xp.unimarketing.cn/t/t/	43 B 383 B	878ms 181ms	Image image/gif	119.254.65.34 CNIX-AP China Net...
General Check archive.org Show headers Download Go to Show image Full URL https://xp.unimarketing.cn/t/t/jn0v2riqgsj-9lnrn8-4mv3n-h8r6shfy.gif?cid=bsi&mstatus=3 Requested by Host: thingsiolk.airmessage.cn URL: https://thingsiolk.airmessage.cn/t/jn0v2riqgsj-9lnrn8-4mv3n-wb-zh-f47w5dct.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 119.254.65.34 , China, ASN4847 (CNIX-AP China Networks Inter-Exchange, CN), Reverse DNS unimarketing.org Software nginx/1.20.1 / Servlet 2.4; JBoss-4.2.1.GA (build: SVNTag=JBoss_4_2_1_GA date=200707131605)/Tomcat-5.5 Resource Hash `17b653428e5c492ce3cd0776fb4b461ec7d69819685a7977c5154c872e3b1f9e` Request headers Referer https://thingsiolk.airmessage.cn/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Mon, 29 Jul 2024 08:56:48 GMT Server nginx/1.20.1 Connection keep-alive X-Powered-By Servlet 2.4; JBoss-4.2.1.GA (build: SVNTag=JBoss_4_2_1_GA date=200707131605)/Tomcat-5.5 Transfer-Encoding chunked Content-Type image/gif
GET H/1.1	200 OK	favicon.ico thingsiolk.airmessage.cn/	1 KB 2 KB	175ms 174ms	Other image/x-icon	119.254.62.252 CNIX-AP China Net...
General Check archive.org Show headers Download Go to Full URL https://thingsiolk.airmessage.cn/favicon.ico Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 119.254.62.252 , China, ASN4847 (CNIX-AP China Networks Inter-Exchange, CN), Reverse DNS sn62mta252.uedm.net Software nginx/1.20.1 / Resource Hash `3e21d17d2a5b9223e6139726b4334c9d418d954181181e7197a3440af3c1dce3` Request headers Referer https://thingsiolk.airmessage.cn/t/jn0v2riqgsj-9lnrn8-4mv3n-wb-zh-f47w5dct.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Mon, 29 Jul 2024 08:56:51 GMT Last-Modified Mon, 30 Nov 2020 10:04:50 GMT Server nginx/1.20.1 ETag "5fc4c3c2-5b6" Content-Type image/x-icon Connection keep-alive Accept-Ranges bytes Content-Length 1462

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			thingsiolk.airmessage.cn/	1969-12-31 23:59:59	Name: JSESSIONID Value: 2296BADD8B6FBEBE8275385630359544.node3

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://thingsiolk.airmessage.cn/t/jn0v2riqgsj-9lnrn8-4mv3n-wb-zh-f47w5dct.html Message: Mixed Content: The page at 'https://thingsiolk.airmessage.cn/t/jn0v2riqgsj-9lnrn8-4mv3n-wb-zh-f47w5dct.html' was loaded over HTTPS, but requested an insecure element 'http://xp.unimarketing.cn/files/12178/f/3439447.jpg'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://thingsiolk.airmessage.cn/t/jn0v2riqgsj-9lnrn8-4mv3n-wb-zh-f47w5dct.html Message: Mixed Content: The page at 'https://thingsiolk.airmessage.cn/t/jn0v2riqgsj-9lnrn8-4mv3n-wb-zh-f47w5dct.html' was loaded over HTTPS, but requested an insecure element 'http://xp.unimarketing.cn/files/12178/f/3439572.jpg'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://thingsiolk.airmessage.cn/t/jn0v2riqgsj-9lnrn8-4mv3n-wb-zh-f47w5dct.html Message: Mixed Content: The page at 'https://thingsiolk.airmessage.cn/t/jn0v2riqgsj-9lnrn8-4mv3n-wb-zh-f47w5dct.html' was loaded over HTTPS, but requested an insecure element 'http://xp.unimarketing.cn/files/12178/f/3439747.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://thingsiolk.airmessage.cn/t/jn0v2riqgsj-9lnrn8-4mv3n-wb-zh-f47w5dct.html Message: Mixed Content: The page at 'https://thingsiolk.airmessage.cn/t/jn0v2riqgsj-9lnrn8-4mv3n-wb-zh-f47w5dct.html' was loaded over HTTPS, but requested an insecure element 'http://xp.unimarketing.cn/t/t/jn0v2riqgsj-9lnrn8-4mv3n-h8r6shfy.gif?cid=bsi&mstatus=3'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://thingsiolk.airmessage.cn/t/jn0v2riqgsj-9lnrn8-4mv3n-wb-zh-f47w5dct.html(Line 83) Message: Mixed Content: The page at 'https://thingsiolk.airmessage.cn/t/jn0v2riqgsj-9lnrn8-4mv3n-wb-zh-f47w5dct.html' was loaded over HTTPS, but requested an insecure element 'http://xp.unimarketing.cn/files/12178/f/3439447.jpg'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://thingsiolk.airmessage.cn/t/jn0v2riqgsj-9lnrn8-4mv3n-wb-zh-f47w5dct.html(Line 83) Message: Mixed Content: The page at 'https://thingsiolk.airmessage.cn/t/jn0v2riqgsj-9lnrn8-4mv3n-wb-zh-f47w5dct.html' was loaded over HTTPS, but requested an insecure element 'http://xp.unimarketing.cn/files/12178/f/3439572.jpg'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://thingsiolk.airmessage.cn/t/jn0v2riqgsj-9lnrn8-4mv3n-wb-zh-f47w5dct.html(Line 83) Message: Mixed Content: The page at 'https://thingsiolk.airmessage.cn/t/jn0v2riqgsj-9lnrn8-4mv3n-wb-zh-f47w5dct.html' was loaded over HTTPS, but requested an insecure element 'http://xp.unimarketing.cn/files/12178/f/3439747.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://thingsiolk.airmessage.cn/t/jn0v2riqgsj-9lnrn8-4mv3n-wb-zh-f47w5dct.html(Line 83) Message: Mixed Content: The page at 'https://thingsiolk.airmessage.cn/t/jn0v2riqgsj-9lnrn8-4mv3n-wb-zh-f47w5dct.html' was loaded over HTTPS, but requested an insecure element 'http://xp.unimarketing.cn/t/t/jn0v2riqgsj-9lnrn8-4mv3n-h8r6shfy.gif?cid=bsi&mstatus=3'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

thingsiolk.airmessage.cn
xp.unimarketing.cn
119.254.62.252
119.254.65.34
17b653428e5c492ce3cd0776fb4b461ec7d69819685a7977c5154c872e3b1f9e
3e21d17d2a5b9223e6139726b4334c9d418d954181181e7197a3440af3c1dce3
5cc3da43322a7d1254c030052604fb1945c271c45c00efcaebc01e686efff596
82969f796e25a772ca80fbd58a6cdd7b1ee690c92c7fd85372cc9e5b269a519c
83c6cbf4e275d48475018e652c34891dc1d55c31f9d2074d688d8e3b92028ce9
c116c50941cecd8f6860071e976c177d540e090e4acad4bfd8fa79ba76351d38

thingsiolk.airmessage.cn Open in urlscan Pro 119.254.62.252 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

6 Requests

33 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

1755 kBTransfer

1753 kBSize

1 Cookies

5 Outgoing links

Page URL History

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

1 Cookies

8 Console Messages

Indicators

thingsiolk.airmessage.cn Open in urlscan Pro
119.254.62.252 Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

33 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

1755 kB
Transfer

1753 kB
Size

1
Cookies

6 HTTP transactions
0 data transactions