ums.koreanair.com - urlscan.io

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 4 HTTP transactions. The main IP is 13.125.78.189, located in Korea, Republic Of and belongs to AMAZON-02, US. The main domain is ums.koreanair.com.
TLS certificate: Issued by Amazon RSA 2048 M02 on February 7th 2023. Valid for: a year.

This is the only time ums.koreanair.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	35.210.200.138 35.210.200.138	19527 (GOOGLE-2) (GOOGLE-2)
2	13.125.78.189 13.125.78.189	16509 (AMAZON-02) (AMAZON-02)
4	2

2 35.210.200.138 (Brussels, Belgium)

ASN19527 (GOOGLE-2, US)
PTR: 138.200.210.35.bc.googleusercontent.com

scanner.topsec.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.125.78.189 (Korea, Republic Of)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-125-78-189.ap-northeast-2.compute.amazonaws.com

ums.koreanair.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	koreanair.com ums.koreanair.com	5 KB
2	topsec.com scanner.topsec.com — Cisco Umbrella Rank: 376681	18 KB
4	2

	Domain	Requested by
2	ums.koreanair.com	ums.koreanair.com
2	scanner.topsec.com	scanner.topsec.com
4	2

This site contains no links.

Subject Issuer	Validity	Valid
topsec.com Sectigo RSA Organization Validation Secure Server CA	`2022-11-10` - `2023-12-08`	a year	crt.sh
*.koreanair.com Amazon RSA 2048 M02	`2023-02-07` - `2024-02-02`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://ums.koreanair.com/Check.html?redirectUrl=TV9JRD01MTMy&U1RZUEU9TUFTUw==&TElTVF9UQUJMRT1FTVNfTUFTU19TRU5EX0xJU1Q=&UE9TVF9JRD0yMDE5MDkyMzAwMDAy&VEM9MjAxOTEwMjM=&S0lORD1D&Q0lEPTAwMg==&URL=https://clarecoco.apor.co.za/5kofp6/YW5yeWFuQGNsYXJlY29jby5pZQ==
Frame ID: B799F26FE25515457BF9BBCE3A3FA137
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://scanner.topsec.com/?d=1293&r=show&u=https%3A%2F%2Fums.koreanair.com%2FCheck.html%3FredirectUrl%... Page URL
https://ums.koreanair.com/Check.html?redirectUrl=TV9JRD01MTMy&U1RZUEU9TUFTUw==&TElTVF9UQUJMRT1FTVNfTUF... Page URL

Page Statistics

4
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

23 kB
Transfer

21 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://scanner.topsec.com/?d=1293&r=show&u=https%3A%2F%2Fums.koreanair.com%2FCheck.html%3FredirectUrl%3DTV9JRD01MTMy%26U1RZUEU9TUFTUw%3D%3D%26TElTVF9UQUJMRT1FTVNfTUFTU19TRU5EX0xJU1Q%3D%26UE9TVF9JRD0yMDE5MDkyMzAwMDAy%26VEM9MjAxOTEwMjM%3D%26S0lORD1D%26Q0lEPTAwMg%3D%3D%26URL%3Dhttps%3A%2F%2Fclarecoco.apor.co.za%2F5kofp6%2FYW5yeWFuQGNsYXJlY29jby5pZQ%3D%3D&t=f8e3cbd386a68230bff9672840aab8667132fd50 Page URL
https://ums.koreanair.com/Check.html?redirectUrl=TV9JRD01MTMy&U1RZUEU9TUFTUw==&TElTVF9UQUJMRT1FTVNfTUFTU19TRU5EX0xJU1Q=&UE9TVF9JRD0yMDE5MDkyMzAwMDAy&VEM9MjAxOTEwMjM=&S0lORD1D&Q0lEPTAwMg==&URL=https://clarecoco.apor.co.za/5kofp6/YW5yeWFuQGNsYXJlY29jby5pZQ== Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	/ Show response scanner.topsec.com/	2 KB 2 KB	247ms 157ms	Document text/html	35.210.200.138 GOOGLE-2
General Check archive.org Show headers Download Go to Full URL https://scanner.topsec.com/?d=1293&r=show&u=https%3A%2F%2Fums.koreanair.com%2FCheck.html%3FredirectUrl%3DTV9JRD01MTMy%26U1RZUEU9TUFTUw%3D%3D%26TElTVF9UQUJMRT1FTVNfTUFTU19TRU5EX0xJU1Q%3D%26UE9TVF9JRD0yMDE5MDkyMzAwMDAy%26VEM9MjAxOTEwMjM%3D%26S0lORD1D%26Q0lEPTAwMg%3D%3D%26URL%3Dhttps%3A%2F%2Fclarecoco.apor.co.za%2F5kofp6%2FYW5yeWFuQGNsYXJlY29jby5pZQ%3D%3D&t=f8e3cbd386a68230bff9672840aab8667132fd50 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 35.210.200.138 Brussels, Belgium, ASN19527 (GOOGLE-2, US), Reverse DNS 138.200.210.35.bc.googleusercontent.com Software nginx/1.18.0 / Resource Hash `275437c3eab16155385b889198f7c90a1cb3dc3d5597e55e73fb8fa2f4225c65` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Connection keep-alive Content-Length 2162 Content-Type text/html; charset=utf-8 Date Fri, 24 Mar 2023 14:01:08 GMT Server nginx/1.18.0
GET H/1.1	200 OK	topsec_logo.png scanner.topsec.com/images/	15 KB 16 KB	31ms 31ms	Image image/png	35.210.200.138 GOOGLE-2
General Check archive.org Show headers Download Go to Show image Full URL https://scanner.topsec.com/images/topsec_logo.png Requested by Host: scanner.topsec.com URL: https://scanner.topsec.com/?d=1293&r=show&u=https%3A%2F%2Fums.koreanair.com%2FCheck.html%3FredirectUrl%3DTV9JRD01MTMy%26U1RZUEU9TUFTUw%3D%3D%26TElTVF9UQUJMRT1FTVNfTUFTU19TRU5EX0xJU1Q%3D%26UE9TVF9JRD0yMDE5MDkyMzAwMDAy%26VEM9MjAxOTEwMjM%3D%26S0lORD1D%26Q0lEPTAwMg%3D%3D%26URL%3Dhttps%3A%2F%2Fclarecoco.apor.co.za%2F5kofp6%2FYW5yeWFuQGNsYXJlY29jby5pZQ%3D%3D&t=f8e3cbd386a68230bff9672840aab8667132fd50 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 35.210.200.138 Brussels, Belgium, ASN19527 (GOOGLE-2, US), Reverse DNS 138.200.210.35.bc.googleusercontent.com Software nginx/1.18.0 / Resource Hash `246124bfdfbc23dac56a19ac8a486d4742f6da9fc08c8c73e0cef624abc23e8f` Request headers accept-language de-DE,de;q=0.9 Referer https://scanner.topsec.com/?d=1293&r=show&u=https%3A%2F%2Fums.koreanair.com%2FCheck.html%3FredirectUrl%3DTV9JRD01MTMy%26U1RZUEU9TUFTUw%3D%3D%26TElTVF9UQUJMRT1FTVNfTUFTU19TRU5EX0xJU1Q%3D%26UE9TVF9JRD0yMDE5MDkyMzAwMDAy%26VEM9MjAxOTEwMjM%3D%26S0lORD1D%26Q0lEPTAwMg%3D%3D%26URL%3Dhttps%3A%2F%2Fclarecoco.apor.co.za%2F5kofp6%2FYW5yeWFuQGNsYXJlY29jby5pZQ%3D%3D&t=f8e3cbd386a68230bff9672840aab8667132fd50 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers Pragma public Date Fri, 24 Mar 2023 14:01:08 GMT Last-Modified Fri, 20 Sep 2019 11:43:12 GMT Server nginx/1.18.0 ETag "5d84bb50-3cd3" Content-Type image/png Cache-Control max-age=315360000, public, must-validate, proxy-revalidate Connection keep-alive Accept-Ranges bytes Content-Length 15571 Expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	Primary Request Check.html Show response ums.koreanair.com/	3 KB 4 KB	901ms 286ms	Document text/html	13.125.78.189 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://ums.koreanair.com/Check.html?redirectUrl=TV9JRD01MTMy&U1RZUEU9TUFTUw==&TElTVF9UQUJMRT1FTVNfTUFTU19TRU5EX0xJU1Q=&UE9TVF9JRD0yMDE5MDkyMzAwMDAy&VEM9MjAxOTEwMjM=&S0lORD1D&Q0lEPTAwMg==&URL=https://clarecoco.apor.co.za/5kofp6/YW5yeWFuQGNsYXJlY29jby5pZQ== Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 13.125.78.189 , Korea, Republic Of, ASN16509 (AMAZON-02, US), Reverse DNS ec2-13-125-78-189.ap-northeast-2.compute.amazonaws.com Software Apache / Resource Hash `d6876acacef2ce3fe6a8867de47a4cd530ef8353af3caaf856b87f25d6243f28` Request headers Referer https://scanner.topsec.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes content-length 3217 content-type text/html; charset=UTF-8 date Fri, 24 Mar 2023 14:01:12 GMT etag "c91-5f750ab3af702" last-modified Mon, 20 Mar 2023 08:25:25 GMT server Apache
GET H2	200	no_img.gif ums.koreanair.com/img/	811 B 1 KB	282ms 282ms	Image image/gif	13.125.78.189 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://ums.koreanair.com/img/no_img.gif Requested by Host: ums.koreanair.com URL: https://ums.koreanair.com/Check.html?redirectUrl=TV9JRD01MTMy&U1RZUEU9TUFTUw==&TElTVF9UQUJMRT1FTVNfTUFTU19TRU5EX0xJU1Q=&UE9TVF9JRD0yMDE5MDkyMzAwMDAy&VEM9MjAxOTEwMjM=&S0lORD1D&Q0lEPTAwMg==&URL=https://clarecoco.apor.co.za/5kofp6/YW5yeWFuQGNsYXJlY29jby5pZQ== Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 13.125.78.189 , Korea, Republic Of, ASN16509 (AMAZON-02, US), Reverse DNS ec2-13-125-78-189.ap-northeast-2.compute.amazonaws.com Software Apache / Resource Hash `f48bb48b6962309f3c3a07f7c1494d98ef94959f1cd320b7390da795e35a7cab` Request headers accept-language de-DE,de;q=0.9 Referer https://ums.koreanair.com/Check.html?redirectUrl=TV9JRD01MTMy&U1RZUEU9TUFTUw==&TElTVF9UQUJMRT1FTVNfTUFTU19TRU5EX0xJU1Q=&UE9TVF9JRD0yMDE5MDkyMzAwMDAy&VEM9MjAxOTEwMjM=&S0lORD1D&Q0lEPTAwMg==&URL=https://clarecoco.apor.co.za/5kofp6/YW5yeWFuQGNsYXJlY29jby5pZQ== User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers date Fri, 24 Mar 2023 14:01:12 GMT last-modified Fri, 28 Mar 2014 07:08:29 GMT server Apache accept-ranges bytes etag "32b-4f5a55e661540" content-length 811 content-type image/gif

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			ums.koreanair.com/	1970-01-20 10:44:31	Name: AWSALB Value: 4nEBDFxEVw+OZS/vLU+dltcSSeEWASCg9D22ZZApOICbcCC4GCRKDhLIa82ds08mQNgQ2/zHhP0211JD66BtNq6ujvSSXkJd+Gs2SfLvAnxsiAC8YPssg7bx+9TF
			ums.koreanair.com/	1970-01-20 10:44:31	Name: AWSALBCORS Value: 4nEBDFxEVw+OZS/vLU+dltcSSeEWASCg9D22ZZApOICbcCC4GCRKDhLIa82ds08mQNgQ2/zHhP0211JD66BtNq6ujvSSXkJd+Gs2SfLvAnxsiAC8YPssg7bx+9TF

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

scanner.topsec.com
ums.koreanair.com
13.125.78.189
35.210.200.138
246124bfdfbc23dac56a19ac8a486d4742f6da9fc08c8c73e0cef624abc23e8f
275437c3eab16155385b889198f7c90a1cb3dc3d5597e55e73fb8fa2f4225c65
d6876acacef2ce3fe6a8867de47a4cd530ef8353af3caaf856b87f25d6243f28
f48bb48b6962309f3c3a07f7c1494d98ef94959f1cd320b7390da795e35a7cab

ums.koreanair.com Open in urlscan Pro 13.125.78.189 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

4 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

23 kBTransfer

21 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

2 Cookies

Indicators

ums.koreanair.com Open in urlscan Pro
13.125.78.189 Public Scan

Screenshot
Live screenshot

Full Image

4
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

23 kB
Transfer

21 kB
Size

2
Cookies

4 HTTP transactions
0 data transactions