Submitted URL: http://widget-dev.newzip.com/
Effective URL: https://widget-dev.newzip.com/
Submission Tags: @phish_report
Submission: On October 31 via api from FI — Scanned from AU

Summary

This website contacted 3 IPs in 1 country across 3 domains to perform 11 HTTP transactions. The main IP is 199.36.158.100, located in the United States and belonging to FASTLY, US. The main domain is widget-dev.newzip.com.
TLS certificate: issued by WR3 (a Google Trust Services intermediate) on October 22nd 2024. Valid for: 3 months.
This is the only time widget-dev.newzip.com was scanned on urlscan.io.

urlscan.io Verdict: No classification

Domain & IP information

IP addresses (requests per IP, autonomous system):
  7   199.36.158.100    AS54113 (FASTLY)
  2   151.101.193.229   AS54113 (FASTLY)
  2   142.250.204.10    AS15169 (GOOGLE)
  11 requests, 3 IPs

Apex domains (requests, subdomains, transfer):
  7   newzip.com       widget-dev.newzip.com, api-dev.newzip.com           42 KB
  2   googleapis.com   maps.googleapis.com (Cisco Umbrella Rank: 445)     120 KB
  2   jsdelivr.net     cdn.jsdelivr.net (Cisco Umbrella Rank: 311)         34 KB
  11 requests, 3 apex domains

Domains and the origins that requested them:
  6   widget-dev.newzip.com   requested by widget-dev.newzip.com
  2   maps.googleapis.com     requested by widget-dev.newzip.com, maps.googleapis.com
  2   cdn.jsdelivr.net        requested by widget-dev.newzip.com
  1   api-dev.newzip.com      requested by widget-dev.newzip.com
  11 requests, 4 subdomains

This site contains no links.

TLS certificates observed (subject, issuer, validity period, valid for, CT lookup):
  uibench.com               WR3                                     2024-10-22 to 2025-01-20   3 months   crt.sh
  jsdelivr.net              GlobalSign Atlas R3 DV TLS CA 2024 Q3   2024-07-30 to 2025-08-31   a year     crt.sh
  upload.video.google.com   WR2                                     2024-10-07 to 2024-12-30   3 months   crt.sh
  shop.11auth.com           WR3                                     2024-10-24 to 2025-01-22   3 months   crt.sh

The subject column shows the first name on each certificate, not necessarily the host that was contacted. The first row is the main site's certificate (it matches the WR3 / October 22nd issuance given in the summary), so the widget-dev.newzip.com and api-dev.newzip.com origins, like maps.googleapis.com, sit behind shared multi-SAN certificates whose first name belongs to another tenant. Confirm the SAN list on crt.sh before treating the subject mismatch as a finding.

This page contains 1 frame:

Primary Page: https://widget-dev.newzip.com/
Frame ID: 490D91B13195696854D23956790CE1A2
Requests: 11 HTTP requests in this frame


Page Title

Fastpath by Newzip

Page URL History

This captures the URL locations of the website, including HTTP redirects and client-side redirects via JavaScript or meta refresh.

  1. http://widget-dev.newzip.com/ HTTP 307
     https://widget-dev.newzip.com/ Page URL

The redirect headers recorded on the primary request carry Non-Authoritative-Reason: HttpsUpgrades, which Chrome attaches to redirects it generates internally (here its automatic HTTP-to-HTTPS upgrade). The 307 was therefore synthesized by the scanning browser, and the scan does not show whether the server itself redirects plain-HTTP requests. This is the only redirect chain in the scan.

Detected technologies

The scanner reports each detection as a pattern match (Wappalyzer-style regular expressions). The technology names did not survive extraction and are inferred here from the patterns themselves.

Google Maps (overall confidence: 100%)
  Detected pattern:
  • //maps\.google(?:apis)?\.com/maps/api/js

Handlebars (overall confidence: 100%)
  Detected pattern:
  • handlebars(?:\.runtime)?(?:-v([\d.]+?))?(?:\.min)?\.js
  The capture group extracts a version from the file name; the request list shows handlebars@4.7.7 loaded from cdn.jsdelivr.net.

Zip (overall confidence: 100%)
  Detected pattern:
  • zip\.co
  Caveat: this pattern also matches the substring "zip.co" inside the site's own hostname, newzip.com, and none of the 11 requests goes to zip.co, so treat this detection as a likely false positive rather than evidence of a zip.co integration.

Font Awesome (overall confidence: 100%)
  Detected patterns:
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jsDelivr (overall confidence: 100%)
  Detected patterns:
  • <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
  • //cdn\.jsdelivr\.net/

Page Statistics

  Requests:    11
  HTTPS:       100 %
  IPv6:        0 %
  Domains:     3
  Subdomains:  4
  IPs:         3
  Countries:   1
  Transfer:    196 kB
  Size:        861 kB
  Cookies:     0


11 HTTP transactions

Each entry gives the resource, its path, decoded size, transferred bytes (x-fer), resource type and MIME type, followed by the connection details and the headers the scanner recorded.

1. Primary Request: /  (widget-dev.newzip.com/)
   Redirect chain: http://widget-dev.newzip.com/ -> https://widget-dev.newzip.com/
   2 KB, 1002 B transferred, Document, text/html
   Full URL: https://widget-dev.newzip.com/
   Protocol: H2; Security: TLS 1.3, AES_128_GCM
   Server: 199.36.158.100, United States, ASN54113 (FASTLY, US); reverse DNS: none; software: not reported
   Resource hash: 882c8f1e04ca29ab725a46db9bd9de30e74e00c2f0c528d02496d5a941fd49ca
   Security headers: Strict-Transport-Security: max-age=31556926

   Request headers:
     Upgrade-Insecure-Requests: 1
     User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

   Response headers:
     accept-ranges: bytes
     alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
     cache-control: max-age=3600
     content-encoding: br
     content-length: 656
     content-type: text/html; charset=utf-8
     date: Thu, 31 Oct 2024 18:05:41 GMT
     etag: "2800d0d917f19d50a585f62f07fcbafc04a4bde4a95e8328fc5cfb079aa600ab-br"
     last-modified: Fri, 29 Jul 2022 14:37:41 GMT
     strict-transport-security: max-age=31556926
     vary: x-fh-requested-host, accept-encoding
     x-cache: MISS
     x-cache-hits: 0
     x-served-by: cache-syd10164-SYD
     x-timer: S1730397941.246152,VS0,VE337

   Redirect headers (first hop, http:// to https://):
     Location: https://widget-dev.newzip.com/
     Non-Authoritative-Reason: HttpsUpgrades

   Note: Non-Authoritative-Reason marks a redirect that Chrome generated itself (its automatic HTTPS upgrade), so this 307 never came from the server. The main document sets HSTS only, without includeSubDomains or preload, and no Content-Security-Policy. The vary value x-fh-requested-host is the request-host header used by Firebase Hosting, which is consistent with the Fastly-fronted 199.36.158.100 address and the 2022 last-modified date of a dev deployment.
2. style.css  (widget-dev.newzip.com/styles/)
   84 KB, 7 KB transferred, Stylesheet, text/css
   Full URL: https://widget-dev.newzip.com/styles/style.css
   Requested by: widget-dev.newzip.com, from https://widget-dev.newzip.com/
   Protocol: H2; Security: TLS 1.3, AES_128_GCM
   Server: 199.36.158.100, United States, ASN54113 (FASTLY, US); reverse DNS: none; software: not reported
   Resource hash: 6e1ff07ee6541dc7e2fbc6ba94ebdddb3aec64abf59e0443c43776c168592626
   Security headers: Strict-Transport-Security: max-age=31556926

   Request headers:
     User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
     Referer: https://widget-dev.newzip.com/

   Response headers:
     strict-transport-security: max-age=31556926
     cache-control: max-age=3600
     content-encoding: br
     etag: "57761bb576f71ec21fa58cb45787c247755ac55db66c9da16fda5c82fe636afa-br"
     x-timer: S1730397942.599866,VS0,VE389
     accept-ranges: bytes
     alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
     x-cache: MISS
     content-length: 7195
     date: Thu, 31 Oct 2024 18:05:41 GMT
     content-type: text/css; charset=utf-8
     last-modified: Fri, 29 Jul 2022 14:37:41 GMT
     x-served-by: cache-syd10164-SYD
     x-cache-hits: 0
     vary: x-fh-requested-host, accept-encoding
3. all.css  (cdn.jsdelivr.net/npm/fontawesome5-fullcss@1.1.0/css/)
   45 KB, 9 KB transferred, Stylesheet, text/css
   Full URL: https://cdn.jsdelivr.net/npm/fontawesome5-fullcss@1.1.0/css/all.css
   Requested by: widget-dev.newzip.com, from https://widget-dev.newzip.com/
   Protocol: H2; Security: TLS 1.3, AES_128_GCM
   Server: 151.101.193.229, San Francisco, United States, ASN54113 (FASTLY, US); reverse DNS: none; software: not reported
   Resource hash: ce91e2144ea27f82292ef2c87c5d9e1d0b9994df63836130293865aca18fc550
   Security headers:
     Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
     X-Content-Type-Options: nosniff

   Request headers:
     User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
     Referer: https://widget-dev.newzip.com/

   Response headers:
     access-control-expose-headers: *
     content-encoding: br
     etag: W/"b277-INLUMQZfxrOMEYftpWRjlSfiQo4"
     age: 45277
     x-content-type-options: nosniff
     x-jsd-version-type: version
     alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
     x-cache: HIT, MISS
     date: Thu, 31 Oct 2024 18:05:42 GMT
     content-type: text/css; charset=utf-8
     x-served-by: cache-fra-etou8220106-FRA, cache-syd10156-SYD
     vary: Accept-Encoding
     strict-transport-security: max-age=31536000; includeSubDomains; preload
     cache-control: public, max-age=31536000, s-maxage=31536000, immutable
     timing-allow-origin: *
     cross-origin-resource-policy: cross-origin
     accept-ranges: bytes
     access-control-allow-origin: *
     content-length: 9506
     x-jsd-version: 1.1.0

   Note: the package is pinned to an exact version (x-jsd-version-type: version, 1.1.0), so jsDelivr serves it as an immutable file rather than a floating tag. fontawesome5-fullcss is not one of the official @fortawesome npm packages; the widget depends on whoever publishes that package.
4. handlebars.min.js  (cdn.jsdelivr.net/npm/handlebars@4.7.7/dist/)
   78 KB, 25 KB transferred, Script, application/javascript
   Full URL: https://cdn.jsdelivr.net/npm/handlebars@4.7.7/dist/handlebars.min.js
   Requested by: widget-dev.newzip.com, from https://widget-dev.newzip.com/
   Protocol: H2; Security: TLS 1.3, AES_128_GCM
   Server: 151.101.193.229, San Francisco, United States, ASN54113 (FASTLY, US); reverse DNS: none; software: not reported
   Resource hash: 6529eb58d68fcc67bcbf6e723f44ba61a31a0cb3130c70bee261d3c34c727449
   Security headers:
     Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
     X-Content-Type-Options: nosniff

   Request headers:
     User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
     Referer: https://widget-dev.newzip.com/

   Response headers:
     access-control-expose-headers: *
     content-encoding: br
     etag: W/"139a0-8EYURDzp90LZJPv1Ss0UpEQdNAM"
     age: 3486678
     x-content-type-options: nosniff
     x-jsd-version-type: version
     alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
     x-cache: HIT, HIT
     date: Thu, 31 Oct 2024 18:05:41 GMT
     content-type: application/javascript; charset=utf-8
     x-served-by: cache-fra-eddf8230083-FRA, cache-syd10156-SYD
     vary: Accept-Encoding
     strict-transport-security: max-age=31536000; includeSubDomains; preload
     cache-control: public, max-age=31536000, s-maxage=31536000, immutable
     timing-allow-origin: *
     cross-origin-resource-policy: cross-origin
     accept-ranges: bytes
     access-control-allow-origin: *
     content-length: 24652
     x-jsd-version: 4.7.7

   Note: this is executable code from a third-party CDN, pinned to 4.7.7 and served from jsDelivr's cache (age 3486678 s, about 40 days). A substituted copy would run with the page's full privileges; whether the <script> tag carries an integrity attribute (SRI) is not visible in this scan and should be checked in the DOM.
5. main.js  (widget-dev.newzip.com/)
   246 KB, 28 KB transferred, Script, text/javascript
   Full URL: https://widget-dev.newzip.com/main.js
   Requested by: widget-dev.newzip.com, from https://widget-dev.newzip.com/
   Protocol: H2; Security: TLS 1.3, AES_128_GCM
   Server: 199.36.158.100, United States, ASN54113 (FASTLY, US); reverse DNS: none; software: not reported
   Resource hash: ee397d38aace1a262bcd39a1d543088f36c6d984945613f50cad2da78f40a21a
   Security headers: Strict-Transport-Security: max-age=31556926

   Request headers:
     User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
     Referer: https://widget-dev.newzip.com/

   Response headers:
     strict-transport-security: max-age=31556926
     cache-control: max-age=3600
     content-encoding: br
     etag: "edbd0670b380f55e9a9476958fdc15dfe52fe34e502a82bc09839608d93c07a0-br"
     x-timer: S1730397942.599841,VS0,VE396
     accept-ranges: bytes
     alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
     x-cache: MISS
     content-length: 28508
     date: Thu, 31 Oct 2024 18:05:41 GMT
     content-type: text/javascript; charset=utf-8
     last-modified: Fri, 29 Jul 2022 14:37:41 GMT
     x-served-by: cache-syd10164-SYD
     x-cache-hits: 0
     vary: x-fh-requested-host, accept-encoding
6. js  (maps.googleapis.com/maps/api/)
   383 KB, 120 KB transferred, Script, text/javascript
   Full URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyDCX-Gb9_OjkuSsXOa5IQ6J5MU-KYGSSOI&libraries=places&&callback=gapiMaps.ready
   Requested by: widget-dev.newzip.com, from https://widget-dev.newzip.com/
   Protocol: H2; Security: TLS 1.3, AES_128_GCM
   Server: 142.250.204.10, United States, ASN15169 (GOOGLE, US); reverse DNS: syd09s25-in-f10.1e100.net; software: scaffolding on HTTPServer2
   Resource hash: 45f2acecd6dfa334a428ebd5c6d4e201825750f1d2832ab5774424191d083d51
   Security headers:
     X-Content-Type-Options: nosniff
     X-Frame-Options: SAMEORIGIN
     X-Xss-Protection: 0

   Request headers:
     User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
     Referer: https://widget-dev.newzip.com/

   Response headers:
     cache-control: public, max-age=1800, stale-while-revalidate=3600
     timing-allow-origin: *
     content-encoding: gzip
     etag: de289921
     cross-origin-resource-policy: cross-origin
     x-content-type-options: nosniff
     alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
     content-length: 122814
     date: Thu, 31 Oct 2024 18:05:42 GMT
     x-xss-protection: 0
     content-type: text/javascript; charset=UTF-8
     vary: Accept-Language, Origin, X-Origin, Referer
     server: scaffolding on HTTPServer2
     x-frame-options: SAMEORIGIN

   Note: the key in the query string is a browser key for the Maps JavaScript API (with the Places library). Such keys are necessarily visible to every visitor, so the control that matters is the key's configuration in Google Cloud: an HTTP-referrer allow-list limited to the deploying hosts and an API restriction limited to the Maps and Places APIs the widget uses. An unrestricted key can be reused from any site against the owner's quota and billing. Whether this key is restricted cannot be determined from the scan. The callback parameter names the gapiMaps global that appears in the JavaScript globals list below.
7. newzip_logo_0c2c66.svg  (widget-dev.newzip.com/assets/)
   6 KB, 2 KB transferred, Image, image/svg+xml
   Full URL: https://widget-dev.newzip.com/assets/newzip_logo_0c2c66.svg
   Requested by: widget-dev.newzip.com, from https://widget-dev.newzip.com/styles/style.css
   Protocol: H3; Security: QUIC, AES_256_GCM
   Server: 199.36.158.100, United States, ASN54113 (FASTLY, US); reverse DNS: none; software: not reported
   Resource hash: ee527a0c924d6152e3821a24f843b2b567ea8a644254fd635c2bc25fbc12f190
   Security headers: Strict-Transport-Security: max-age=31556926

   Request headers:
     User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
     Referer: https://widget-dev.newzip.com/styles/style.css

   Response headers:
     strict-transport-security: max-age=31556926
     cache-control: max-age=3600
     content-encoding: br
     etag: "6fc376baad61b0051c109f19ba7d1b644fad48dde9ccd4caf0ae6c5e84ce9a3f-br"
     x-timer: S1730397942.002207,VS0,VE327
     accept-ranges: bytes
     alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
     x-cache: MISS
     content-length: 2088
     date: Thu, 31 Oct 2024 18:05:42 GMT
     content-type: image/svg+xml
     last-modified: Fri, 29 Jul 2022 14:37:41 GMT
     x-served-by: cache-syd10127-SYD
     x-cache-hits: 0
     vary: x-fh-requested-host, accept-encoding
8. getConfiguration  (api-dev.newzip.com/widget/v1/)
   166 B, 578 B transferred, Fetch, text/html
   Full URL: https://api-dev.newzip.com/widget/v1/getConfiguration
   Requested by: widget-dev.newzip.com, from https://widget-dev.newzip.com/main.js
   Protocol: H2; Security: TLS 1.3, AES_128_GCM
   Server: 199.36.158.100, United States, ASN54113 (FASTLY, US); reverse DNS: none; software: Google Frontend (server), Express (x-powered-by)
   Resource hash: 333317bab56cb60d9dbeced8272b01b9e0e3ba9e48c317fe31df7e768a2d80dc
   Security headers:
     Content-Security-Policy: default-src 'none'
     X-Content-Type-Options: nosniff

   Request headers:
     User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
     Content-Type: text/plain;charset=UTF-8
     Referer: https://widget-dev.newzip.com/

   Response headers:
     x-content-type-options: nosniff
     alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
     x-cache: MISS
     date: Thu, 31 Oct 2024 18:05:42 GMT
     content-type: text/html; charset=utf-8
     vary: Origin, x-fh-requested-host, accept-encoding
     x-cache-hits: 0
     x-cloud-trace-context: 3291defc0bbe0d493e4a6d325b9b04b7;o=1
     x-served-by: cache-syd10170-SYD
     content-security-policy: default-src 'none'
     cache-control: max-age=600
     x-timer: S1730397942.036405,VS0,VE353
     accept-ranges: bytes
     access-control-allow-origin: https://widget-dev.newzip.com
     content-length: 166
     x-powered-by: Express
     server: Google Frontend

   Note: this is the request the console log reports as a 404; the 166-byte text/html body is the framework's default not-found page, not JSON. The request's Content-Type of text/plain;charset=UTF-8 is what fetch() sends for a string body, which keeps the call a CORS simple request, so no preflight appears in the scan. The CORS response is done correctly (Access-Control-Allow-Origin scoped to the widget origin, with Origin in Vary), and a Content-Security-Policy of default-src 'none' on an API response is a sound way to neutralise an error page if it is ever rendered. x-powered-by: Express is a fingerprinting header with no function; Express lets it be disabled with app.disable('x-powered-by').
9. undefined.css  (widget-dev.newzip.com/styles/)
   2 KB, 960 B transferred, Stylesheet, text/html
   Full URL: https://widget-dev.newzip.com/styles/undefined.css
   Requested by: widget-dev.newzip.com, from https://widget-dev.newzip.com/main.js
   Protocol: H3; Security: QUIC, AES_256_GCM
   Server: 199.36.158.100, United States, ASN54113 (FASTLY, US); reverse DNS: none; software: not reported
   Resource hash: 882c8f1e04ca29ab725a46db9bd9de30e74e00c2f0c528d02496d5a941fd49ca
   Security headers: Strict-Transport-Security: max-age=31556926

   Request headers:
     User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
     Referer: https://widget-dev.newzip.com/

   Response headers:
     strict-transport-security: max-age=31556926
     cache-control: max-age=3600
     content-encoding: br
     etag: "2800d0d917f19d50a585f62f07fcbafc04a4bde4a95e8328fc5cfb079aa600ab-br"
     x-timer: S1730397942.395992,VS0,VE264
     accept-ranges: bytes
     alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
     x-cache: MISS
     content-length: 656
     date: Thu, 31 Oct 2024 18:05:42 GMT
     content-type: text/html; charset=utf-8
     last-modified: Fri, 29 Jul 2022 14:37:41 GMT
     x-served-by: cache-syd10127-SYD
     x-cache-hits: 0
     vary: x-fh-requested-host, accept-encoding

   Note: the literal "undefined" in the path means main.js built a stylesheet name from a configuration value that was never populated, which is what the 404 on getConfiguration would cause. The response has the same resource hash, etag and content-length (656) as the primary document, so the hosting's catch-all rewrite returned the index page with content-type text/html for a path that does not exist. Browsers refuse to apply a text/html response as a stylesheet, so the widget ran without that stylesheet; it also means the dev hosting answers 200 with index.html for any unknown path, which hides missing-asset errors.
10. gen_204  (maps.googleapis.com/maps/api/mapsjs/)
   3 B, 45 B transferred, XHR, application/json
   Full URL: https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true
   Requested by: maps.googleapis.com, from https://maps.googleapis.com/maps/api/js?key=AIzaSyDCX-Gb9_OjkuSsXOa5IQ6J5MU-KYGSSOI&libraries=places&&callback=gapiMaps.ready
   Protocol: H3; Security: QUIC, AES_128_GCM
   Server: 142.250.204.10, United States, ASN15169 (GOOGLE, US); reverse DNS: syd09s25-in-f10.1e100.net; software: scaffolding on HTTPServer2
   Resource hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
   Security headers:
     X-Content-Type-Options: nosniff
     X-Frame-Options: SAMEORIGIN
     X-Xss-Protection: 0

   Request headers:
     User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
     Referer: https://widget-dev.newzip.com/

   Response headers:
     cache-control: private
     access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
     content-encoding: gzip
     x-content-type-options: nosniff
     access-control-allow-origin: https://widget-dev.newzip.com
     alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
     content-length: 23
     date: Thu, 31 Oct 2024 18:05:43 GMT
     x-xss-protection: 0
     content-type: application/json; charset=UTF-8
     vary: Origin, X-Origin, Referer
     server: scaffolding on HTTPServer2
     x-frame-options: SAMEORIGIN

   Note: this XHR is issued by the Maps script itself, not by the widget; the csp_test parameter indicates a probe of whether the embedding page's Content-Security-Policy allows the API to reach its endpoints. CORS on the reply is scoped to https://widget-dev.newzip.com rather than *.
11. favicon.ico  (widget-dev.newzip.com/)
   15 KB, 2 KB transferred, Other, image/x-icon
   Full URL: https://widget-dev.newzip.com/favicon.ico
   Protocol: H3; Security: QUIC, AES_256_GCM
   Server: 199.36.158.100, United States, ASN54113 (FASTLY, US); reverse DNS: none; software: not reported
   Resource hash: 3f853a8079501bc04146510d83d4642e9647a9102fa56d1e8af3842f881818e7
   Security headers: Strict-Transport-Security: max-age=31556926

   Request headers:
     User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
     Referer: https://widget-dev.newzip.com/

   Response headers:
     strict-transport-security: max-age=31556926
     cache-control: max-age=3600
     content-encoding: br
     etag: "2dfd2dcae4cabfba8ad6f15b231fe04ca0b01427c805a0e6c2d0f0c6ef07c224-br"
     x-timer: S1730397943.869081,VS0,VE733
     accept-ranges: bytes
     alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
     x-cache: MISS
     content-length: 1588
     date: Thu, 31 Oct 2024 18:05:43 GMT
     content-type: image/x-icon
     last-modified: Fri, 29 Jul 2022 14:37:41 GMT
     x-served-by: cache-syd10127-SYD
     x-cache-hits: 0
     vary: x-fh-requested-host, accept-encoding
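A reviewer reading a transaction list like the one above checks the same handful of things every time: secrets in query strings, responses whose MIME type does not fit what the page asked for, byte-identical bodies under different URLs (the hosting fallback that turned /styles/undefined.css into a copy of the index page), active content from third-party hosts, browser-synthesized redirects, and failed requests. The script below is an added example, not code from urlscan.io or from Newzip. It runs those checks over a request list constructed here to mirror the 11 transactions (resource hashes shortened to their first eight characters, the real Maps API key replaced by a dummy of the same 39-character shape, the 404 taken from the console log); the record layout is this example's own, not urlscan's JSON schema.

```python
"""Triage a scan's request list the way a reviewer would (added example).

REQUESTS is constructed to mirror the 11 transactions in the scan; hashes are
truncated and the API key is a dummy of the right shape (the real one is public
in the page, but there is no need to repeat it).
"""
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Google API keys are 39 characters: the literal prefix "AIza" plus 35 URL-safe chars.
GOOGLE_API_KEY = re.compile(r"AIza[0-9A-Za-z_-]{35}")

# The MIME type a resource of this type should come back with; anything else is worth a look.
EXPECTED_MIME = {
    "Document": ("text/html",),
    "Stylesheet": ("text/css",),
    "Script": ("text/javascript", "application/javascript"),
    "Image": ("image/",),
}

FIRST_PARTY_SUFFIX = ".newzip.com"  # assumption: everything under newzip.com is the site's own

REQUESTS = [  # constructed from the scan above
    {"url": "https://widget-dev.newzip.com/", "type": "Document", "mime": "text/html",
     "hash": "882c8f1e",
     "redirect_headers": {"Location": "https://widget-dev.newzip.com/",
                          "Non-Authoritative-Reason": "HttpsUpgrades"}},
    {"url": "https://widget-dev.newzip.com/styles/style.css", "type": "Stylesheet",
     "mime": "text/css", "hash": "6e1ff07e"},
    {"url": "https://cdn.jsdelivr.net/npm/fontawesome5-fullcss@1.1.0/css/all.css",
     "type": "Stylesheet", "mime": "text/css", "hash": "ce91e214"},
    {"url": "https://cdn.jsdelivr.net/npm/handlebars@4.7.7/dist/handlebars.min.js",
     "type": "Script", "mime": "application/javascript", "hash": "6529eb58"},
    {"url": "https://widget-dev.newzip.com/main.js", "type": "Script",
     "mime": "text/javascript", "hash": "ee397d38"},
    {"url": "https://maps.googleapis.com/maps/api/js?key=AIza0123456789abcdefghijklmnopqrstuvwxy"
            "&libraries=places&&callback=gapiMaps.ready",
     "type": "Script", "mime": "text/javascript", "hash": "45f2acec"},
    {"url": "https://widget-dev.newzip.com/assets/newzip_logo_0c2c66.svg", "type": "Image",
     "mime": "image/svg+xml", "hash": "ee527a0c"},
    {"url": "https://api-dev.newzip.com/widget/v1/getConfiguration", "type": "Fetch",
     "mime": "text/html", "hash": "333317ba", "status": 404},
    {"url": "https://widget-dev.newzip.com/styles/undefined.css", "type": "Stylesheet",
     "mime": "text/html", "hash": "882c8f1e"},
    {"url": "https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true", "type": "XHR",
     "mime": "application/json", "hash": "ca3d163b"},
    {"url": "https://widget-dev.newzip.com/favicon.ico", "type": "Other",
     "mime": "image/x-icon", "hash": "3f853a80"},
]


def host_of(url):
    return urlsplit(url).hostname or ""


def is_first_party(url):
    host = host_of(url)
    return host.endswith(FIRST_PARTY_SUFFIX) or host == FIRST_PARTY_SUFFIX.lstrip(".")


def api_keys_in_query(url):
    """Return (param, value) pairs whose value is a Google-shaped API key."""
    query = urlsplit(url).query
    return [(name, value) for name, value in parse_qsl(query, keep_blank_values=True)
            if GOOGLE_API_KEY.fullmatch(value)]


def mime_mismatches(records):
    """Responses whose MIME type does not fit the resource type the page requested."""
    out = []
    for r in records:
        expected = EXPECTED_MIME.get(r["type"])
        if expected and not r["mime"].startswith(expected):
            out.append((r["url"], r["type"], r["mime"]))
    return out


def duplicate_bodies(records):
    """URLs that returned the same body (same resource hash): a catch-all rewrite tell."""
    by_hash = defaultdict(list)
    for r in records:
        by_hash[r["hash"]].append(r["url"])
    return {h: urls for h, urls in by_hash.items() if len(urls) > 1}


def third_party_active_content(records):
    """Hosts outside the first-party suffix that supplied scripts or stylesheets."""
    return sorted({host_of(r["url"]) for r in records
                   if r["type"] in ("Script", "Stylesheet") and not is_first_party(r["url"])})


def browser_synthesized_redirects(records):
    """Redirects the browser generated itself (Chrome marks them Non-Authoritative-Reason)."""
    return [r["url"] for r in records if "Non-Authoritative-Reason" in r.get("redirect_headers", {})]


def triage(records):
    return {
        "api_keys": [(r["url"], api_keys_in_query(r["url"])) for r in records if api_keys_in_query(r["url"])],
        "mime_mismatches": mime_mismatches(records),
        "duplicate_bodies": duplicate_bodies(records),
        "third_party_hosts": third_party_active_content(records),
        "synthesized_redirects": browser_synthesized_redirects(records),
        "errors": [(r["url"], r["status"]) for r in records if r.get("status", 200) >= 400],
    }


if __name__ == "__main__":
    for finding, value in triage(REQUESTS).items():
        print(f"{finding}: {value}")
```

On this input the script reports the Maps key, the text/html body served for undefined.css, the matching hashes of / and undefined.css, cdn.jsdelivr.net and maps.googleapis.com as third-party script sources, the synthesized HTTPS upgrade on the primary request, and the 404 on getConfiguration. Anything the scan does not expose, such as whether the jsDelivr tags carry integrity attributes or whether the Maps key is referrer-restricted, still has to be checked against the live page and the Google Cloud console.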

Verdicts & Comments

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. They help identify client-side frameworks and code.

  object   Handlebars
  object   webpackChunkdwellfulapi_widget
  object   gapiMaps
  object   google
  object   litHtmlVersions
  object   module$exports$mapsapi$geometry$spherical
  object   litElementVersions
  object   reactiveElementVersions
  object   module$contents$mapsapi$overlay$overlayView_OverlayView

Handlebars and gapiMaps (the callback target named in the Maps script URL) belong to the widget's own loading code, and the webpack chunk array name leaks the build's project name, dwellfulapi_widget. The google object and the module$... names are Closure-compiled modules of the Maps JavaScript API; litHtmlVersions, litElementVersions and reactiveElementVersions are the version registries the Lit library writes to window.

0 Cookies

1 Console Message

  Source: network   Level: error
  URL: https://api-dev.newzip.com/widget/v1/getConfiguration
  Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This section lists the security headers set by the main page.

  Strict-Transport-Security: max-age=31556926

That is the only security header on the main document: HSTS with a one-year max-age but without includeSubDomains or preload, and no Content-Security-Policy, X-Content-Type-Options or X-Frame-Options. The stricter headers seen elsewhere in this scan (CSP default-src 'none' on api-dev.newzip.com, HSTS with preload on cdn.jsdelivr.net) belong to other origins and do not protect the page itself.
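To turn a header listing into findings rather than eyeballing it, the added example below (not urlscan.io's or Newzip's code) parses Strict-Transport-Security and grades one response's headers with the thresholds reviewers commonly apply: an HSTS max-age of at least one year, a Content-Security-Policy and framing protection expected on documents, and X-Content-Type-Options: nosniff everywhere. The three header sets are transcribed from this scan (the main document, the api-dev.newzip.com fetch response and the cdn.jsdelivr.net stylesheet); the severity labels are this example's own convention.

```python
"""Grade the security headers of one HTTP response (added example).

Header sets below are transcribed from the scan; thresholds and severity
labels are this example's own convention, not urlscan.io's.
"""

ONE_YEAR = 31536000  # seconds; also the minimum max-age the HSTS preload list accepts

MAIN_DOCUMENT = {"strict-transport-security": "max-age=31556926"}
API_RESPONSE = {
    "content-security-policy": "default-src 'none'",
    "x-content-type-options": "nosniff",
    "x-powered-by": "Express",
    "server": "Google Frontend",
}
CDN_STYLESHEET = {
    "strict-transport-security": "max-age=31536000; includeSubDomains; preload",
    "x-content-type-options": "nosniff",
}


def parse_hsts(value):
    """Split an HSTS header into its directives; max-age becomes an int (None if absent)."""
    result = {"max_age": None, "include_subdomains": False, "preload": False}
    for directive in value.split(";"):
        directive = directive.strip().lower()
        if directive.startswith("max-age="):
            result["max_age"] = int(directive.split("=", 1)[1].strip().strip('"'))
        elif directive == "includesubdomains":
            result["include_subdomains"] = True
        elif directive == "preload":
            result["preload"] = True
    return result


def grade(headers, is_document=True):
    """Return (severity, finding) tuples for one response; is_document relaxes API-only checks."""
    h = {name.lower(): value for name, value in headers.items()}
    findings = []

    if "strict-transport-security" in h:
        hsts = parse_hsts(h["strict-transport-security"])
        if hsts["max_age"] is None or hsts["max_age"] < ONE_YEAR:
            findings.append(("medium", "HSTS max-age below one year"))
        if not hsts["include_subdomains"]:
            findings.append(("low", "HSTS lacks includeSubDomains"))
        if not hsts["preload"]:
            findings.append(("info", "HSTS lacks preload"))
    else:
        findings.append(("medium", "no Strict-Transport-Security"))

    csp = h.get("content-security-policy", "")
    if not csp:
        # A missing CSP matters most where markup is rendered; on a pure API it is defence in depth.
        findings.append(("medium" if is_document else "low", "no Content-Security-Policy"))

    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append(("low", "no X-Content-Type-Options: nosniff"))

    if is_document and "x-frame-options" not in h and "frame-ancestors" not in csp:
        findings.append(("medium", "framable: no X-Frame-Options or frame-ancestors"))

    if h.get("x-powered-by"):
        findings.append(("info", f"x-powered-by discloses '{h['x-powered-by']}'"))

    return findings


if __name__ == "__main__":
    for label, headers, is_doc in (("main document", MAIN_DOCUMENT, True),
                                   ("api-dev fetch", API_RESPONSE, False),
                                   ("jsDelivr css", CDN_STYLESHEET, False)):
        print(label)
        for severity, finding in grade(headers, is_doc):
            print(f"  [{severity}] {finding}")
```

For the main document the grader flags the missing CSP and framing protection, the absent nosniff, and the HSTS directives that are not set, while accepting the 31556926-second max-age as a full year. The api-dev response passes the CSP and nosniff checks but has no HSTS at all and advertises Express; the jsDelivr response produces no HSTS findings.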