ums.koreanair.com
Open in
urlscan Pro
13.125.78.189
Public Scan
Effective URL: https://ums.koreanair.com/Check.html?redirectUrl=TV9JRD01MTMy&U1RZUEU9TUFTUw==&TElTVF9UQUJMRT1FTVNfTUFTU19TRU5EX0xJU1Q=&UE...
Submission: On March 24 via manual from IE — Scanned from DE
Summary
TLS certificate: Issued by Amazon RSA 2048 M02 on February 7th 2023. Valid for: a year.
This is the only time ums.koreanair.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 | 35.210.200.138 35.210.200.138 | 19527 (GOOGLE-2) (GOOGLE-2) | |
2 | 13.125.78.189 13.125.78.189 | 16509 (AMAZON-02) (AMAZON-02) | |
4 | 2 |
ASN19527 (GOOGLE-2, US)
PTR: 138.200.210.35.bc.googleusercontent.com
scanner.topsec.com |
ASN16509 (AMAZON-02, US)
PTR: ec2-13-125-78-189.ap-northeast-2.compute.amazonaws.com
ums.koreanair.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
2 |
koreanair.com
ums.koreanair.com |
5 KB |
2 |
topsec.com
scanner.topsec.com — Cisco Umbrella Rank: 376681 |
18 KB |
4 | 2 |
Domain | Requested by | |
---|---|---|
2 | ums.koreanair.com |
ums.koreanair.com
|
2 | scanner.topsec.com |
scanner.topsec.com
|
4 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
topsec.com Sectigo RSA Organization Validation Secure Server CA |
2022-11-10 - 2023-12-08 |
a year | crt.sh |
*.koreanair.com Amazon RSA 2048 M02 |
2023-02-07 - 2024-02-02 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://ums.koreanair.com/Check.html?redirectUrl=TV9JRD01MTMy&U1RZUEU9TUFTUw==&TElTVF9UQUJMRT1FTVNfTUFTU19TRU5EX0xJU1Q=&UE9TVF9JRD0yMDE5MDkyMzAwMDAy&VEM9MjAxOTEwMjM=&S0lORD1D&Q0lEPTAwMg==&URL=https://clarecoco.apor.co.za/5kofp6/YW5yeWFuQGNsYXJlY29jby5pZQ==
Frame ID: B799F26FE25515457BF9BBCE3A3FA137
Requests: 4 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- https://scanner.topsec.com/?d=1293&r=show&u=https%3A%2F%2Fums.koreanair.com%2FCheck.html%3FredirectUrl%... Page URL
- https://ums.koreanair.com/Check.html?redirectUrl=TV9JRD01MTMy&U1RZUEU9TUFTUw==&TElTVF9UQUJMRT1FTVNfTUF... Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://scanner.topsec.com/?d=1293&r=show&u=https%3A%2F%2Fums.koreanair.com%2FCheck.html%3FredirectUrl%3DTV9JRD01MTMy%26U1RZUEU9TUFTUw%3D%3D%26TElTVF9UQUJMRT1FTVNfTUFTU19TRU5EX0xJU1Q%3D%26UE9TVF9JRD0yMDE5MDkyMzAwMDAy%26VEM9MjAxOTEwMjM%3D%26S0lORD1D%26Q0lEPTAwMg%3D%3D%26URL%3Dhttps%3A%2F%2Fclarecoco.apor.co.za%2F5kofp6%2FYW5yeWFuQGNsYXJlY29jby5pZQ%3D%3D&t=f8e3cbd386a68230bff9672840aab8667132fd50 Page URL
- https://ums.koreanair.com/Check.html?redirectUrl=TV9JRD01MTMy&U1RZUEU9TUFTUw==&TElTVF9UQUJMRT1FTVNfTUFTU19TRU5EX0xJU1Q=&UE9TVF9JRD0yMDE5MDkyMzAwMDAy&VEM9MjAxOTEwMjM=&S0lORD1D&Q0lEPTAwMg==&URL=https://clarecoco.apor.co.za/5kofp6/YW5yeWFuQGNsYXJlY29jby5pZQ== Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
4 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
/
scanner.topsec.com/ |
2 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
topsec_logo.png
scanner.topsec.com/images/ |
15 KB 16 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
Check.html
ums.koreanair.com/ |
3 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
no_img.gif
ums.koreanair.com/img/ |
811 B 1 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
ums.koreanair.com/ | Name: AWSALB Value: 4nEBDFxEVw+OZS/vLU+dltcSSeEWASCg9D22ZZApOICbcCC4GCRKDhLIa82ds08mQNgQ2/zHhP0211JD66BtNq6ujvSSXkJd+Gs2SfLvAnxsiAC8YPssg7bx+9TF |
|
ums.koreanair.com/ | Name: AWSALBCORS Value: 4nEBDFxEVw+OZS/vLU+dltcSSeEWASCg9D22ZZApOICbcCC4GCRKDhLIa82ds08mQNgQ2/zHhP0211JD66BtNq6ujvSSXkJd+Gs2SfLvAnxsiAC8YPssg7bx+9TF |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
scanner.topsec.com
ums.koreanair.com
13.125.78.189
35.210.200.138
246124bfdfbc23dac56a19ac8a486d4742f6da9fc08c8c73e0cef624abc23e8f
275437c3eab16155385b889198f7c90a1cb3dc3d5597e55e73fb8fa2f4225c65
d6876acacef2ce3fe6a8867de47a4cd530ef8353af3caaf856b87f25d6243f28
f48bb48b6962309f3c3a07f7c1494d98ef94959f1cd320b7390da795e35a7cab