webapp.spotme.com Open in urlscan Pro
2600:9000:211e:9800:15:876d:8b00:93a1 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://grc-events.com/t/gtl/5ff11c86-3d72-47c2-88df-b685a3a83676/NDk1ODM0LDgwOTg1MTU4OCwy/
Effective URL:
https://webapp.spotme.com/login/riskdigital/risk-digital-february
Submission: On January 19 via api (January 19th 2024, 1:21:11 pm UTC) from ES — Scanned from GB

Summary HTTP 12 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 2 domains to perform 12 HTTP transactions. The main IP is 2600:9000:211e:9800:15:876d:8b00:93a1, located in United States and belongs to AMAZON-02, US. The main domain is webapp.spotme.com.
TLS certificate: Issued by Amazon RSA 2048 M02 on October 11th 2023. Valid for: a year.

This is the only time webapp.spotme.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	51.104.28.64 51.104.28.64	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
10	2600:9000:211... 2600:9000:211e:9800:15:876d:8b00:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:261... 2600:9000:2611:f400:4:4236:a580:93a1	16509 (AMAZON-02) (AMAZON-02)
1	3.127.15.89 3.127.15.89	16509 (AMAZON-02) (AMAZON-02)
12	3

1 51.104.28.64 (London, United Kingdom) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

grc-events.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2600:9000:211e:9800:15:876d:8b00:93a1 (United States)

ASN16509 (AMAZON-02, US)

webapp.spotme.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2611:f400:4:4236:a580:93a1 (United States)

ASN16509 (AMAZON-02, US)

eu-webapp.spotme.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.127.15.89 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-127-15-89.eu-central-1.compute.amazonaws.com

eu-api.spotme.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	spotme.com webapp.spotme.com eu-webapp.spotme.com — Cisco Umbrella Rank: 627768 eu-api.spotme.com	774 KB
1	grc-events.com 1 redirects grc-events.com	619 B
12	2

	Domain	Requested by
10	webapp.spotme.com	webapp.spotme.com
1	eu-api.spotme.com
1	eu-webapp.spotme.com	webapp.spotme.com
1	grc-events.com	1 redirects
12	4

This site contains links to these domains. Also see Links.

Domain
www.grcworldforums.com

Subject Issuer	Validity	Valid
webapp.spotme.com Amazon RSA 2048 M02	`2023-10-11` - `2024-11-09`	a year	crt.sh
eu-webapp.spotme.com Amazon RSA 2048 M02	`2023-11-10` - `2024-12-08`	a year	crt.sh
eu-api.spotme.com Amazon RSA 2048 M03	`2023-10-29` - `2024-11-26`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://webapp.spotme.com/login/riskdigital/risk-digital-february
Frame ID: A83A36F7946C5F7C6329002087C509A9
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

#RISK Digital February

Page URL History Show full URLs

https://grc-events.com/t/gtl/5ff11c86-3d72-47c2-88df-b685a3a83676/NDk1ODM0LDgwOTg1MTU4OCwy/ HTTP 302
https://webapp.spotme.com/login/riskdigital/risk-digital-february Page URL

Detected technologies

Vue.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+\sdata-v(?:ue)?-

Page Statistics

12
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

4
Subdomains

3
IPs

3
Countries

774 kB
Transfer

2353 kB
Size

4
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.grcworldforums.com/privacy-policy
Title: #RISK

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://grc-events.com/t/gtl/5ff11c86-3d72-47c2-88df-b685a3a83676/NDk1ODM0LDgwOTg1MTU4OCwy/ HTTP 302
https://webapp.spotme.com/login/riskdigital/risk-digital-february Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request risk-digital-february Show response
webapp.spotme.com/login/riskdigital/
Redirect Chain

https://grc-events.com/t/gtl/5ff11c86-3d72-47c2-88df-b685a3a83676/NDk1ODM0LDgwOTg1MTU4OCwy/
https://webapp.spotme.com/login/riskdigital/risk-digital-february

2 KB
2 KB

263ms
105ms

Document
text/html

2600:9000:211e:9800:15:876d:8b00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://webapp.spotme.com/login/riskdigital/risk-digital-february

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211e:9800:15:876d:8b00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

fd0c9594b581408a328f407fc764ab9bd8f567de356dedfff315aeee5fad2246

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://sentry.spotme.com cbl://* https://eu-webapp.spotme.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.mxpnl.com https://fast.appcues.com https://sentry.spotme.com cbl://* https://eu-webapp.spotme.com; style-src 'self' 'unsafe-inline' https://fast.appcues.com https://sentry.spotme.com cbl://* https://eu-webapp.spotme.com; font-src 'self' data: https://sentry.spotme.com cbl://* https://eu-webapp.spotme.com; img-src * data: blob: mediastream: ; media-src * data: blob: mediastream: ; connect-src ; child-src 'self' blob: spotme://; frame-src * spotme://*; form-action 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Security-Policy	default-src 'self' https://sentry.spotme.com cbl://* https://eu-webapp.spotme.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.mxpnl.com https://fast.appcues.com https://sentry.spotme.com cbl://* https://eu-webapp.spotme.com; style-src 'self' 'unsafe-inline' https://fast.appcues.com https://sentry.spotme.com cbl://* https://eu-webapp.spotme.com; font-src 'self' data: https://sentry.spotme.com cbl://* https://eu-webapp.spotme.com; img-src * data: blob: mediastream: ; media-src * data: blob: mediastream: ; connect-src ; child-src 'self' blob: spotme://; frame-src * spotme://*; form-action 'self';
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache-control: max-age=300 public
content-encoding: gzip
content-security-policy: default-src 'self' https://sentry.spotme.com cbl://* https://eu-webapp.spotme.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.mxpnl.com https://fast.appcues.com https://sentry.spotme.com cbl://* https://eu-webapp.spotme.com; style-src 'self' 'unsafe-inline' https://fast.appcues.com https://sentry.spotme.com cbl://* https://eu-webapp.spotme.com; font-src 'self' data: https://sentry.spotme.com cbl://* https://eu-webapp.spotme.com; img-src * data: blob: mediastream: ; media-src * data: blob: mediastream: ; connect-src *; child-src 'self' blob: spotme://*; frame-src * spotme://*; form-action 'self';
content-type: text/html
date: Fri, 19 Jan 2024 13:21:06 GMT
etag: W/"061d31f168f5099e1af00f3594e4a2a2"
expires: Fri, 19 Jan 2024 13:26:06 GMT
last-modified: Tue, 16 Jan 2024 06:25:09 GMT
referrer-policy: same-origin
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 8fd360cd20d33fa1400394ae41746f66.cloudfront.net (CloudFront)
x-amz-cf-id: 1iS37CmG_cOzfBI5zociRQ-ugTrs3EsUneVLKJHXvLHhPwx2duVmxg==
x-amz-cf-pop: FRA56-C2
x-amz-version-id: null
x-cache: RefreshHit from cloudfront
x-content-security-policy: default-src 'self' https://sentry.spotme.com cbl://* https://eu-webapp.spotme.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.mxpnl.com https://fast.appcues.com https://sentry.spotme.com cbl://* https://eu-webapp.spotme.com; style-src 'self' 'unsafe-inline' https://fast.appcues.com https://sentry.spotme.com cbl://* https://eu-webapp.spotme.com; font-src 'self' data: https://sentry.spotme.com cbl://* https://eu-webapp.spotme.com; img-src * data: blob: mediastream: ; media-src * data: blob: mediastream: ; connect-src *; child-src 'self' blob: spotme://*; frame-src * spotme://*; form-action 'self';
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

Redirect headers

Cache-Control: private
Content-Length: 182
Content-Type: text/html; charset=utf-8
Date: Fri, 19 Jan 2024 13:21:05 GMT
Location: https://webapp.spotme.com/login/riskdigital/risk-digital-february
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-AspNetMvc-Version: 5.2
X-Powered-By: ASP.NET

GET
H2 200 auth.min.css
webapp.spotme.com/webapp/static/1.124.0/css/ 33 KB
8 KB 75ms
74ms Stylesheet
text/css 2600:9000:211e:9800:15:876d:8b00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://webapp.spotme.com/webapp/static/1.124.0/css/auth.min.css

Requested by

Host: webapp.spotme.com
URL: https://webapp.spotme.com/login/riskdigital/risk-digital-february

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211e:9800:15:876d:8b00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

7f4a9f31f01023c45ce8925c6167342d27ce5d74a50b268fd347c96bdb6e19fe

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-amz-version-id: null
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
content-encoding: gzip
date: Fri, 19 Jan 2024 13:21:06 GMT
via: 1.1 8fd360cd20d33fa1400394ae41746f66.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
x-cache: RefreshHit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 16 Jan 2024 06:25:08 GMT
etag: W/"bbabd79aa08808366d972e0ad2a2568a"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
x-amz-cf-id: pCWc7YRP-Nkwgl0ebE20Cm3tJ9dg73EBHMZeSPmcMF0f1MHIMl6vzw==
x-content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;

GET
H2 200 auth-v2.min.css
webapp.spotme.com/webapp/static/1.124.0/css/ 54 KB
13 KB 73ms
73ms Stylesheet
text/css 2600:9000:211e:9800:15:876d:8b00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://webapp.spotme.com/webapp/static/1.124.0/css/auth-v2.min.css

Requested by

Host: webapp.spotme.com
URL: https://webapp.spotme.com/login/riskdigital/risk-digital-february

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211e:9800:15:876d:8b00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

7cfd9e858267ddd23b9bef966af23200cc83f744d808c48398c17abe596e0505

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-amz-version-id: null
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
content-encoding: gzip
date: Fri, 19 Jan 2024 13:21:06 GMT
via: 1.1 8fd360cd20d33fa1400394ae41746f66.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
x-cache: RefreshHit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 16 Jan 2024 06:25:08 GMT
etag: W/"5dbc5e54af8ca9c4341ef441cc18ddbd"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
x-amz-cf-id: m7OC2XrUL6aul-UCIC9_PfkJQ0DIMnvR0XfnP3WZ1dwH-p0JyXOf-Q==
x-content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;

GET
H2 200 auth.min.js Show response
webapp.spotme.com/webapp/static/1.124.0/js/ 2 MB
340 KB 133ms
133ms Script
application/x-javascript 2600:9000:211e:9800:15:876d:8b00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://webapp.spotme.com/webapp/static/1.124.0/js/auth.min.js

Requested by

Host: webapp.spotme.com
URL: https://webapp.spotme.com/login/riskdigital/risk-digital-february

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211e:9800:15:876d:8b00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

c920b013400e69d869e63bd910bfbe2cb4c1c843810ca5f56e8e1db007cf915b

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-amz-version-id: null
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
content-encoding: gzip
date: Fri, 19 Jan 2024 13:21:06 GMT
via: 1.1 8fd360cd20d33fa1400394ae41746f66.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
x-cache: RefreshHit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 16 Jan 2024 06:25:09 GMT
etag: W/"a5dc3e4ca0301ab474ca23b54a207322"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-javascript
x-amz-cf-id: 0v8dYN5kJdTNI0m4L1p1DTnoDk0OUyVkvR-LcQXAdss8VuAGldalMg==
x-content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;

GET
H2 200 config Show response
webapp.spotme.com/api/v1/appservice/assets/riskdigital/ 22 KB
7 KB 104ms
104ms XHR
application/json 2600:9000:211e:9800:15:876d:8b00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://webapp.spotme.com/api/v1/appservice/assets/riskdigital/config

Requested by

Host: webapp.spotme.com
URL: https://webapp.spotme.com/webapp/static/1.124.0/js/auth.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211e:9800:15:876d:8b00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

e3a23650de8500e0a0fa743396d65c6628351070940120633c74a77f67f91949

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
x-content-type-options: nosniff
date: Fri, 19 Jan 2024 13:21:07 GMT
content-encoding: gzip
via: 1.1 8fd360cd20d33fa1400394ae41746f66.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
x-cache: RefreshHit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: same-origin
etag: W/"5775-CVSlnJcmwmMv6QPkK8Cgh0mM2LU"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,Origin
content-type: application/json; charset=utf-8
access-control-allow-credentials: true
x-amz-cf-id: kgE4NMqsq9sFT1HqB9inwqaKwcTPIyf3wKDVmhAvGSDAXLODKa_WEA==
x-content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;

POST
H2 200 invitations Show response
webapp.spotme.com/api/v1/webapp/session/riskdigital/ 78 B
996 B 64ms
64ms XHR
application/json 2600:9000:211e:9800:15:876d:8b00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://webapp.spotme.com/api/v1/webapp/session/riskdigital/invitations

Requested by

Host: webapp.spotme.com
URL: https://webapp.spotme.com/webapp/static/1.124.0/js/auth.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211e:9800:15:876d:8b00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

ccc3a9ac48c9c12e03d6f0471d3a6f4e6e4e24ff2c782726ef76d3a534fcc81c

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 19 Jan 2024 13:21:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
content-encoding: gzip
via: 1.1 8fd360cd20d33fa1400394ae41746f66.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: same-origin
etag: W/"4e-3sOXleowkDoQ6CFPq+1cWqghxgs"
vary: Origin
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
access-control-allow-origin: https://webapp.spotme.com
access-control-allow-credentials: true
x-amz-cf-id: -Abwg9N2lkbGYlP_RoRwT5E0eYzDCeagtNYGV2AEhXTwhNLAdqWlGA==
x-content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;

GET
H2 200 risk-digital-february Show response
webapp.spotme.com/api/v1/appservice/assets/riskdigital/config/ 114 B
858 B 68ms
68ms XHR
application/json 2600:9000:211e:9800:15:876d:8b00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://webapp.spotme.com/api/v1/appservice/assets/riskdigital/config/risk-digital-february?url=true

Requested by

Host: webapp.spotme.com
URL: https://webapp.spotme.com/webapp/static/1.124.0/js/auth.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211e:9800:15:876d:8b00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

eeed922172e13e3c89d26d56147d10c4cd717508074a90fc32b167c37baf8fc8

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
x-content-type-options: nosniff
date: Fri, 19 Jan 2024 13:21:07 GMT
content-encoding: gzip
via: 1.1 8fd360cd20d33fa1400394ae41746f66.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
x-cache: RefreshHit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: same-origin
etag: W/"72-h5to3WxMXAdtfjxJO3st2guin3E"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,Origin
content-type: application/json; charset=utf-8
cache-control: max-age=300
access-control-allow-credentials: true
x-amz-cf-id: YYCi2XTsQ-mmRcLDwDCZOpznz_N-x2im9iXOYCFMI2EIXjLMe83wuQ==
x-content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;

GET
H2 200 registration Show response
eu-webapp.spotme.com/api/v1/public/eid/01f303f0c5f71e4021273fa011457cb8/ 12 KB
5 KB 383ms
179ms XHR
application/json 2600:9000:2611:f400:4:4236:a580:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://eu-webapp.spotme.com/api/v1/public/eid/01f303f0c5f71e4021273fa011457cb8/registration

Requested by

Host: webapp.spotme.com
URL: https://webapp.spotme.com/webapp/static/1.124.0/js/auth.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2611:f400:4:4236:a580:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

12303bfbca6411d5df1ad3fbc77cd7e6814d5938503f12660f570b8726c1ee29

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 19 Jan 2024 13:21:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
content-encoding: gzip
via: 1.1 a746325e2c0a55fa6c56e06293f59b40.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-P2
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: same-origin
etag: W/"2f58-jc/U+UBh8qgUDMVY4SeFrCpBACE"
x-frame-options: SAMEORIGIN
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://webapp.spotme.com
cache-control: max-age=300
access-control-allow-credentials: true
x-amz-cf-id: JvocQ73jwErxzbwnOXmPQaq8_6HsLyFgETjKuyXxcs156c5N81Iy2A==
x-content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;

GET
H2 200 57O1TL Show response
webapp.spotme.com/api/v1/legal/requirements/riskdigital/ 1 KB
1 KB 78ms
78ms XHR
application/json 2600:9000:211e:9800:15:876d:8b00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://webapp.spotme.com/api/v1/legal/requirements/riskdigital/57O1TL?all=true

Requested by

Host: webapp.spotme.com
URL: https://webapp.spotme.com/webapp/static/1.124.0/js/auth.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211e:9800:15:876d:8b00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

c6c04007b15e3a234c93a6a49b1b1c31a8b4a9ed1c311ba34c3090c795aef146

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
x-content-type-options: nosniff
date: Fri, 19 Jan 2024 13:21:07 GMT
content-encoding: gzip
via: 1.1 8fd360cd20d33fa1400394ae41746f66.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
x-cache: RefreshHit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: same-origin
etag: W/"4a3-Gg1/+V7qWp2V2sSm4utaXbkRbVU"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,Origin
content-type: application/json; charset=utf-8
access-control-allow-credentials: true
x-amz-cf-id: b9y9G8czynqVBrRdSZd2hiekEF8eRMNetvz1m9VT0IHOiE94t9KPkQ==
x-content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;

GET
H2 200 banner
webapp.spotme.com/api/v1/appservice/assets/riskdigital/config/risk-digital-february/ 344 KB
345 KB 197ms
195ms Image
image/jpeg 2600:9000:211e:9800:15:876d:8b00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://webapp.spotme.com/api/v1/appservice/assets/riskdigital/config/risk-digital-february/banner

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211e:9800:15:876d:8b00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

5cfb8b9f4edf80043e790ed9d8ef622206b2bca481a692129396e010fcf4c6fe

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
x-content-type-options: nosniff, nosniff
date: Fri, 19 Jan 2024 13:21:08 GMT
via: 1.1 8fd360cd20d33fa1400394ae41746f66.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
x-cache: RefreshHit from cloudfront
content-disposition: attachment; filename=banner
content-length: 352275
x-xss-protection: 1; mode=block, 1; mode=block
referrer-policy: same-origin, same-origin
last-modified: Tue, 09 Jan 2024 12:47:59 GMT
etag: "df1cf30cdef5440d0f0f63a0941e16df"
x-frame-options: SAMEORIGIN, SAMEORIGIN
vary: Accept-Encoding,Origin
content-type: image/jpeg
cache-control: max-age=300
access-control-allow-credentials: true
accept-ranges: none, bytes
x-amz-cf-id: sehz2kLBHLSgbpRDxVaHw68w0kvmehR_E7D-WqGvMGvC7qGpPLYJSQ==
x-content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;

GET
H2 200 event-icon
eu-api.spotme.com/api/v1/eid/01f303f0c5f71e4021273fa011457cb8/ 47 KB
47 KB 357ms
186ms Image
image/png 3.127.15.89
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://eu-api.spotme.com/api/v1/eid/01f303f0c5f71e4021273fa011457cb8/event-icon

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.127.15.89 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-127-15-89.eu-central-1.compute.amazonaws.com

Software

Resource Hash

6b969e312b28f3a8b4e6060474d7086d1c027fae6eab78473f599c10baba5002

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 19 Jan 2024 13:21:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
referrer-policy: same-origin
last-modified: Thu, 04 Jan 2024 10:02:38 GMT
etag: "c9b76efc0b073e34033bc63aae8f6ea4"
x-cache-status: MISS
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=86400
accept-ranges: none, bytes
content-length: 48153
x-xss-protection: 1; mode=block

GET
H2 200 auth.woff
webapp.spotme.com/webapp/static/1.124.0/fonts/ 2 KB
2 KB 129ms
128ms Font
application/octet-stream 2600:9000:211e:9800:15:876d:8b00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://webapp.spotme.com/webapp/static/1.124.0/fonts/auth.woff

Requested by

Host: webapp.spotme.com
URL: https://webapp.spotme.com/webapp/static/1.124.0/css/auth-v2.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211e:9800:15:876d:8b00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

829c8fab8d61b8eaf5b15f144ff53829517921d2548435c4427f8cd313ba0263

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://webapp.spotme.com/webapp/static/1.124.0/css/auth-v2.min.css
Origin: https://webapp.spotme.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-amz-version-id: null
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
via: 1.1 8fd360cd20d33fa1400394ae41746f66.cloudfront.net (CloudFront)
date: Fri, 19 Jan 2024 13:21:08 GMT
x-amz-cf-pop: FRA56-C2
x-cache: RefreshHit from cloudfront
content-length: 1760
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 16 Jan 2024 06:25:08 GMT
etag: "f4c9873a08e19f763fac215a50c9c55e"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: tKdPAQrsGoT_UxWwKEePBk_PG00ccQ6MRnMcoPFc0xDQikg9GUQLHQ==
x-content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;

Verdicts & Comments Add Verdict or Comment

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.grc-events.com/	1969-12-31 23:59:59	Name: ARRAffinity Value: aa3f05bb472ce19732650dc279c30504d3291b0258e370785667108c63e73992
.grc-events.com/	1969-12-31 23:59:59	Name: ARRAffinitySameSite Value: aa3f05bb472ce19732650dc279c30504d3291b0258e370785667108c63e73992
.webapp.spotme.com/	1970-01-20 18:08:00	Name: webapp_riskdigital Value: B1%252F%252FzzrmIdUFBWSixMg2Z3GyUUo%253D1705670467275TZN0rDeY6riCK0UW8euhTA%253D%253D
webapp.spotme.com/	1970-01-20 17:49:16	Name: _branding Value: riskdigital

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' https://sentry.spotme.com cbl://* https://eu-webapp.spotme.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.mxpnl.com https://fast.appcues.com https://sentry.spotme.com cbl://* https://eu-webapp.spotme.com; style-src 'self' 'unsafe-inline' https://fast.appcues.com https://sentry.spotme.com cbl://* https://eu-webapp.spotme.com; font-src 'self' data: https://sentry.spotme.com cbl://* https://eu-webapp.spotme.com; img-src * data: blob: mediastream: ; media-src * data: blob: mediastream: ; connect-src ; child-src 'self' blob: spotme://; frame-src * spotme://*; form-action 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Security-Policy	default-src 'self' https://sentry.spotme.com cbl://* https://eu-webapp.spotme.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.mxpnl.com https://fast.appcues.com https://sentry.spotme.com cbl://* https://eu-webapp.spotme.com; style-src 'self' 'unsafe-inline' https://fast.appcues.com https://sentry.spotme.com cbl://* https://eu-webapp.spotme.com; font-src 'self' data: https://sentry.spotme.com cbl://* https://eu-webapp.spotme.com; img-src * data: blob: mediastream: ; media-src * data: blob: mediastream: ; connect-src ; child-src 'self' blob: spotme://; frame-src * spotme://*; form-action 'self';
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

eu-api.spotme.com
eu-webapp.spotme.com
grc-events.com
webapp.spotme.com
2600:9000:211e:9800:15:876d:8b00:93a1
2600:9000:2611:f400:4:4236:a580:93a1
3.127.15.89
51.104.28.64
12303bfbca6411d5df1ad3fbc77cd7e6814d5938503f12660f570b8726c1ee29
5cfb8b9f4edf80043e790ed9d8ef622206b2bca481a692129396e010fcf4c6fe
6b969e312b28f3a8b4e6060474d7086d1c027fae6eab78473f599c10baba5002
7cfd9e858267ddd23b9bef966af23200cc83f744d808c48398c17abe596e0505
7f4a9f31f01023c45ce8925c6167342d27ce5d74a50b268fd347c96bdb6e19fe
829c8fab8d61b8eaf5b15f144ff53829517921d2548435c4427f8cd313ba0263
c6c04007b15e3a234c93a6a49b1b1c31a8b4a9ed1c311ba34c3090c795aef146
c920b013400e69d869e63bd910bfbe2cb4c1c843810ca5f56e8e1db007cf915b
ccc3a9ac48c9c12e03d6f0471d3a6f4e6e4e24ff2c782726ef76d3a534fcc81c
e3a23650de8500e0a0fa743396d65c6628351070940120633c74a77f67f91949
eeed922172e13e3c89d26d56147d10c4cd717508074a90fc32b167c37baf8fc8
fd0c9594b581408a328f407fc764ab9bd8f567de356dedfff315aeee5fad2246

webapp.spotme.com Open in urlscan Pro 2600:9000:211e:9800:15:876d:8b00:93a1 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

12 Requests

100 %HTTPS

50 %IPv6

2 Domains

4 Subdomains

3 IPs

3 Countries

774 kBTransfer

2353 kBSize

4 Cookies

1 Outgoing links

Page URL History

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

5 JavaScript Global Variables

4 Cookies

Security Headers

Indicators

webapp.spotme.com Open in urlscan Pro
2600:9000:211e:9800:15:876d:8b00:93a1 Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

4
Subdomains

3
IPs

3
Countries

774 kB
Transfer

2353 kB
Size

4
Cookies

12 HTTP transactions
0 data transactions