win.safetywing.com Open in urlscan Pro
2a00:1450:4001:803::2013 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://win.safetywing.com/
Submission: On November 11 via automatic, source certstream-suspicious (November 11th 2021, 4:59:34 pm UTC) — Scanned from DE

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 13 HTTP transactions. The main IP is 2a00:1450:4001:803::2013, located in Frankfurt am Main, Germany and belongs to GOOGLE, US. The main domain is win.safetywing.com.
TLS certificate: Issued by GTS CA 1D4 on November 11th 2021. Valid for: 3 months.

This is the only time win.safetywing.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
13	2a00:1450:400... 2a00:1450:4001:803::2013		15169 (GOOGLE) (GOOGLE)
13	1

13 2a00:1450:4001:803::2013 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

win.safetywing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	safetywing.com win.safetywing.com	7 MB
13	1

	Domain	Requested by
13	win.safetywing.com	win.safetywing.com
13	1

This site contains no links.

Subject Issuer	Validity	Valid
win.safetywing.com GTS CA 1D4	`2021-11-11` - `2022-02-09`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://win.safetywing.com/
Frame ID: 613A51B90CBD034F43723D35C2611EFE
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Nomad Insurance 2.0

Page Statistics

13
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

7377 kB
Transfer

7664 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response win.safetywing.com/	2 KB 1 KB	215ms 143ms	Document text/html	2a00:1450:4001:803::2013 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://win.safetywing.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:803::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Frontend / Express Resource Hash `54414dd5ddcec579d9fbd4022952e5de0d0f2aa6d727f3c2fb8bb34f5fdde1dd` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers content-type text/html; charset=UTF-8 vary Accept-Encoding x-powered-by Express cache-control public, max-age=0 content-encoding gzip x-cloud-trace-context ccefa26873194fcd52bcb23bc44b06dd date Thu, 11 Nov 2021 16:59:29 GMT server Google Frontend content-length 1127
GET H2	200	main.c3e084c6.chunk.css win.safetywing.com/static/css/	451 B 344 B	153ms 152ms	Stylesheet text/css	2a00:1450:4001:803::2013 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://win.safetywing.com/static/css/main.c3e084c6.chunk.css Requested by Host: win.safetywing.com URL: https://win.safetywing.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:803::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Frontend / Express Resource Hash `37da3bcddcffb08def03b1d58d14c05a67a354771d2b44b3bfeb50bd987dfcf4` Request headers Accept-Language de-DE,de;q=0.9 Referer https://win.safetywing.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers date Thu, 11 Nov 2021 16:59:29 GMT content-encoding gzip server Google Frontend x-powered-by Express vary Accept-Encoding content-type text/css; charset=UTF-8 x-cloud-trace-context c3ba305a60867911960015d0fce7b124 cache-control public, max-age=0 content-length 236
GET H2	200	2.cab12a81.chunk.js Show response win.safetywing.com/static/js/	438 KB 165 KB	223ms 222ms	Script application/javascript	2a00:1450:4001:803::2013 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://win.safetywing.com/static/js/2.cab12a81.chunk.js Requested by Host: win.safetywing.com URL: https://win.safetywing.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:803::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Frontend / Express Resource Hash `9b1af7429a2fb5386c282f940aa3150578216a97b6c692facdc43a77bb678b26` Request headers Accept-Language de-DE,de;q=0.9 Referer https://win.safetywing.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers date Thu, 11 Nov 2021 16:59:29 GMT content-encoding gzip server Google Frontend x-powered-by Express vary Accept-Encoding content-type application/javascript; charset=UTF-8 x-cloud-trace-context c07af6dee5a601216deb61584273431f cache-control public, max-age=0 content-length 168216
GET H2	200	main.f729cc42.chunk.js Show response win.safetywing.com/static/js/	34 KB 11 KB	234ms 234ms	Script application/javascript	2a00:1450:4001:803::2013 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://win.safetywing.com/static/js/main.f729cc42.chunk.js Requested by Host: win.safetywing.com URL: https://win.safetywing.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:803::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Frontend / Express Resource Hash `76193d84037dbb0458f7b8fe03c36d8bdfbab747632137328852ec2f9a93b8f0` Request headers Accept-Language de-DE,de;q=0.9 Referer https://win.safetywing.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers date Thu, 11 Nov 2021 16:59:29 GMT content-encoding gzip server Google Frontend x-powered-by Express vary Accept-Encoding content-type application/javascript; charset=UTF-8 x-cloud-trace-context 9ad823643432e3440adbbfb5a7e6f3f9 cache-control public, max-age=0 content-length 11333
GET H2	200	SafetyWing-logo_dark.256ee7f2.svg win.safetywing.com/static/media/	6 KB 7 KB	162ms 161ms	Image image/svg+xml	2a00:1450:4001:803::2013 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://win.safetywing.com/static/media/SafetyWing-logo_dark.256ee7f2.svg Requested by Host: win.safetywing.com URL: https://win.safetywing.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:803::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Frontend / Express Resource Hash `607cefde346c4837f9298e714b846e87ebc8349120bbeb21c4de71715d9f80c9` Request headers Accept-Language de-DE,de;q=0.9 Referer https://win.safetywing.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers date Thu, 11 Nov 2021 16:59:30 GMT server Google Frontend x-powered-by Express content-type image/svg+xml x-cloud-trace-context d3e013305ee770bb2c58e2fcad799ce2 cache-control public, max-age=0 accept-ranges bytes content-length 6618
GET H2	200	heading.67c0e499.gif win.safetywing.com/static/media/	210 KB 210 KB	232ms 232ms	Image image/gif	2a00:1450:4001:803::2013 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://win.safetywing.com/static/media/heading.67c0e499.gif Requested by Host: win.safetywing.com URL: https://win.safetywing.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:803::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Frontend / Express Resource Hash `baeef15a1d7c9869cf4db72870145a3b48210027c74d9bce272ae0dd11183806` Request headers Accept-Language de-DE,de;q=0.9 Referer https://win.safetywing.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers date Thu, 11 Nov 2021 16:59:30 GMT server Google Frontend x-powered-by Express content-type image/gif x-cloud-trace-context 9d5dd01e1c98638c5a208bdb08a8e244 cache-control public, max-age=0 accept-ranges bytes content-length 214719
GET H2	200	skydive.827c4918.gif win.safetywing.com/static/media/	1 MB 1 MB	305ms 304ms	Image image/gif	2a00:1450:4001:803::2013 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://win.safetywing.com/static/media/skydive.827c4918.gif Requested by Host: win.safetywing.com URL: https://win.safetywing.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:803::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Frontend / Express Resource Hash `518b6116bc78ba70f5f82bacd3b7e5534e0745514367b62ed2db9863388af2c8` Request headers Accept-Language de-DE,de;q=0.9 Referer https://win.safetywing.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers date Thu, 11 Nov 2021 16:59:30 GMT server Google Frontend x-powered-by Express content-type image/gif x-cloud-trace-context ccca520340f4308211ee7d54b99f1307 cache-control public, max-age=0 accept-ranges bytes content-length 1373556
GET H2	200	eggs.9a435663.png win.safetywing.com/static/media/	176 KB 176 KB	249ms 249ms	Image image/png	2a00:1450:4001:803::2013 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://win.safetywing.com/static/media/eggs.9a435663.png Requested by Host: win.safetywing.com URL: https://win.safetywing.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:803::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Frontend / Express Resource Hash `8adc840c3a47f819ee75ec930bd6d0d2cd89091d44499cfebcb7c41bbc29ea20` Request headers Accept-Language de-DE,de;q=0.9 Referer https://win.safetywing.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers date Thu, 11 Nov 2021 16:59:30 GMT server Google Frontend x-powered-by Express content-type image/png x-cloud-trace-context 7ff4117d1897d18408ea144cdc2fddef cache-control public, max-age=0 accept-ranges bytes content-length 179900
GET H2	200	two-birds.5c60eb1e.png win.safetywing.com/static/media/	142 KB 142 KB	246ms 246ms	Image image/png	2a00:1450:4001:803::2013 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://win.safetywing.com/static/media/two-birds.5c60eb1e.png Requested by Host: win.safetywing.com URL: https://win.safetywing.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:803::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Frontend / Express Resource Hash `d41d6619be445572f272444926570f277700816d12dc16f7302d807ccd36de9f` Request headers Accept-Language de-DE,de;q=0.9 Referer https://win.safetywing.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers date Thu, 11 Nov 2021 16:59:30 GMT server Google Frontend x-powered-by Express content-type image/png x-cloud-trace-context e2ba16860bb472809dbe1b19b33a2972 cache-control public, max-age=0 accept-ranges bytes content-length 145053
GET H2	200	HelveticaNowText-Bold.5f7228a2.ttf win.safetywing.com/static/media/	125 KB 126 KB	250ms 250ms	Font font/ttf	2a00:1450:4001:803::2013 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://win.safetywing.com/static/media/HelveticaNowText-Bold.5f7228a2.ttf Requested by Host: win.safetywing.com URL: https://win.safetywing.com/static/css/main.c3e084c6.chunk.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:803::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Frontend / Express Resource Hash `844e5863b1b150e0e279c13e5b46ad4aa0d2c0e4cbf42e24d671d7edebbab65e` Request headers Referer https://win.safetywing.com/static/css/main.c3e084c6.chunk.css Origin https://win.safetywing.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers date Thu, 11 Nov 2021 16:59:30 GMT server Google Frontend x-powered-by Express content-type font/ttf x-cloud-trace-context 24fb958dbcebc717a4968415a6272eb5 cache-control public, max-age=0 accept-ranges bytes content-length 128308
GET H2	200	HelveticaNowText-Regular.cda5d29c.ttf win.safetywing.com/static/media/	126 KB 126 KB	244ms 244ms	Font font/ttf	2a00:1450:4001:803::2013 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://win.safetywing.com/static/media/HelveticaNowText-Regular.cda5d29c.ttf Requested by Host: win.safetywing.com URL: https://win.safetywing.com/static/css/main.c3e084c6.chunk.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:803::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Frontend / Express Resource Hash `ca5c124748df1b5e053a3abd6e2106d2cf1b97e9600ac4baddbca923e1d58979` Request headers Referer https://win.safetywing.com/static/css/main.c3e084c6.chunk.css Origin https://win.safetywing.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers date Thu, 11 Nov 2021 16:59:30 GMT server Google Frontend x-powered-by Express content-type font/ttf x-cloud-trace-context 942216b49169bbfd3a82c50b1a097cbb cache-control public, max-age=0 accept-ranges bytes content-length 129216
GET H2	206	bg_vid.4eb68d2d.mp4 win.safetywing.com/static/media/	3 MB 3 MB	324ms 324ms	Media video/mp4	2a00:1450:4001:803::2013 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://win.safetywing.com/static/media/bg_vid.4eb68d2d.mp4 Requested by Host: win.safetywing.com URL: https://win.safetywing.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:803::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Frontend / Express Resource Hash `b8d0b35edb32734882a7dc2a86fbcf5e42261fa359dbcd5843e172fa930e9f3d` Request headers Referer https://win.safetywing.com/ Accept-Encoding identity;q=1, ;q=0 Accept-Language* de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Range bytes=0- Response headers date Thu, 11 Nov 2021 16:59:30 GMT server Google Frontend x-powered-by Express content-type video/mp4 Content-Range bytes 0-2726753/2726754 x-cloud-trace-context b6bec583b344ede78fa3ed9911be3380 cache-control public, max-age=0 accept-ranges bytes Content-Length 2726754
GET H2	200	motorbike.995d6966.gif win.safetywing.com/static/media/	2 MB 2 MB	268ms 268ms	Image image/gif	2a00:1450:4001:803::2013 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://win.safetywing.com/static/media/motorbike.995d6966.gif Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:803::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Frontend / Express Resource Hash `dd3edabf266ade70bdc787bcdbd35fe7bb1eb6741b87927bfbd819b2e660aa15` Request headers Accept-Language de-DE,de;q=0.9 Referer https://win.safetywing.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers date Thu, 11 Nov 2021 16:59:33 GMT server Google Frontend x-powered-by Express content-type image/gif x-cloud-trace-context a33d8555add5c43ee0abe9602efd2866 cache-control public, max-age=0 accept-ranges bytes content-length 2456848

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

win.safetywing.com
2a00:1450:4001:803::2013
37da3bcddcffb08def03b1d58d14c05a67a354771d2b44b3bfeb50bd987dfcf4
518b6116bc78ba70f5f82bacd3b7e5534e0745514367b62ed2db9863388af2c8
54414dd5ddcec579d9fbd4022952e5de0d0f2aa6d727f3c2fb8bb34f5fdde1dd
607cefde346c4837f9298e714b846e87ebc8349120bbeb21c4de71715d9f80c9
76193d84037dbb0458f7b8fe03c36d8bdfbab747632137328852ec2f9a93b8f0
844e5863b1b150e0e279c13e5b46ad4aa0d2c0e4cbf42e24d671d7edebbab65e
8adc840c3a47f819ee75ec930bd6d0d2cd89091d44499cfebcb7c41bbc29ea20
9b1af7429a2fb5386c282f940aa3150578216a97b6c692facdc43a77bb678b26
b8d0b35edb32734882a7dc2a86fbcf5e42261fa359dbcd5843e172fa930e9f3d
baeef15a1d7c9869cf4db72870145a3b48210027c74d9bce272ae0dd11183806
ca5c124748df1b5e053a3abd6e2106d2cf1b97e9600ac4baddbca923e1d58979
d41d6619be445572f272444926570f277700816d12dc16f7302d807ccd36de9f
dd3edabf266ade70bdc787bcdbd35fe7bb1eb6741b87927bfbd819b2e660aa15

win.safetywing.com Open in urlscan Pro 2a00:1450:4001:803::2013 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

13 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

7377 kBTransfer

7664 kBSize

0 Cookies

0 Outgoing links

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

0 Cookies

Indicators

win.safetywing.com Open in urlscan Pro
2a00:1450:4001:803::2013 Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

7377 kB
Transfer

7664 kB
Size

0
Cookies

13 HTTP transactions
0 data transactions