Submitted URL: https://travel.spicemoney.com/
Effective URL: https://travel.spicemoney.com/pos/
Submission: On February 18 via automatic, source certstream-suspicious

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 10 HTTP transactions. The main IP is 13.234.141.178, located in Mumbai, India and belongs to AMAZON-02, US. The main domain is travel.spicemoney.com.
TLS certificate: Issued by R3 on February 13th 2021. Valid for: 3 months.
This is the only time travel.spicemoney.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 10 13.234.141.178 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
10 2
Apex Domain / Subdomains          Transfer
10 spicemoney.com                 286 KB
   travel.spicemoney.com
1  googleapis.com                 948 B
   fonts.googleapis.com
10 2
Domain Requested by
10 travel.spicemoney.com 1 redirects travel.spicemoney.com
1 fonts.googleapis.com travel.spicemoney.com
10 2

This site contains no links.

Subject                      Issuer      Validity                 Valid
spicelive.veenterprise.com   R3          2021-02-13 - 2021-05-14  3 months
upload.video.google.com      GTS CA 1O1  2021-01-19 - 2021-04-13  3 months

This page contains 1 frames:

Primary Page: https://travel.spicemoney.com/pos/
Frame ID: 874B83F1CCD1C87015DDE4E252C9C0E4
Requests: 10 HTTP requests in this frame

Page URL History

  1. https://travel.spicemoney.com/ HTTP 301
    https://travel.spicemoney.com/pos/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

Requests: 10
HTTPS: 10 %
IPv6: 50 %
Domains: 2
Subdomains: 2
IPs: 2
Countries: 2
Transfer: 286 kB
Size: 1147 kB
Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://travel.spicemoney.com/ HTTP 301
    https://travel.spicemoney.com/pos/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
travel.spicemoney.com/pos/
Redirect Chain
  • https://travel.spicemoney.com/
  • https://travel.spicemoney.com/pos/
19 KB
6 KB
Document
General
Full URL
https://travel.spicemoney.com/pos/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.234.141.178 Mumbai, India, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-234-141-178.ap-south-1.compute.amazonaws.com
Software
Apache /
Resource Hash
3078bd874abef12d3680c6143a7e6d32545f438f556333019a7f5f5cc231a93a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Host
travel.spicemoney.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US

Response headers

Cache-Control
must-revalidate, no-cache, no-transform, proxy-revalidate, private, max-age=0, s-maxage=0
Content-Encoding
gzip
Content-Language
en-US
Content-Type
text/html;charset=UTF-8
Date
Thu, 18 Feb 2021 15:14:14 GMT
Expires
0
Pragma
no-cache
Server
Apache
Strict-Transport-Security
max-age=31536000 ; includeSubDomains
Vary
accept-encoding,origin,access-control-request-headers,access-control-request-method
X-Content-Type-Options
nosniff
X-Frame-Options
DENY
X-XSS-Protection
1; mode=block
transfer-encoding
chunked
Connection
keep-alive

Redirect headers

Content-Type
text/html; charset=iso-8859-1
Date
Thu, 18 Feb 2021 15:14:14 GMT
Location
https://travel.spicemoney.com/pos/
Server
Apache
Content-Length
242
Connection
keep-alive
xdomain.js
travel.spicemoney.com/pos/lib/xdomain/
29 KB
8 KB
Script
General
Full URL
https://travel.spicemoney.com/pos/lib/xdomain/xdomain.js
Requested by
Host: travel.spicemoney.com
URL: https://travel.spicemoney.com/pos/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.234.141.178 Mumbai, India, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-234-141-178.ap-south-1.compute.amazonaws.com
Software
Apache /
Resource Hash
9cbf21600c34e2ebd489f303e3f346baf80a35e97350b5a312bfcf13cc18d0d8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://travel.spicemoney.com/pos/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 18 Feb 2021 15:14:14 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Connection
keep-alive
Vary
accept-encoding,origin,access-control-request-headers,access-control-request-method
Content-Length
8010
X-XSS-Protection
1; mode=block
Pragma
no-cache
Last-Modified
Thu, 18 Feb 2021 09:05:19 GMT
Server
Apache
X-Frame-Options
DENY
Strict-Transport-Security
max-age=31536000 ; includeSubDomains
Content-Type
application/javascript
Cache-Control
must-revalidate, no-cache, no-transform, proxy-revalidate, private, max-age=0, s-maxage=0
Accept-Ranges
bytes
Expires
0
main.css
travel.spicemoney.com/pos/client/themes-output/default/styles/
352 KB
50 KB
Stylesheet
General
Full URL
https://travel.spicemoney.com/pos/client/themes-output/default/styles/main.css
Requested by
Host: travel.spicemoney.com
URL: https://travel.spicemoney.com/pos/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.234.141.178 Mumbai, India, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-234-141-178.ap-south-1.compute.amazonaws.com
Software
Apache /
Resource Hash
ccf6ada3697d3262bc1727732bd5923ccf088ad31dd09ba9f96abb649d91fd02
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://travel.spicemoney.com/pos/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 18 Feb 2021 15:14:14 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
transfer-encoding
chunked
Connection
keep-alive
Vary
accept-encoding,origin,access-control-request-headers,access-control-request-method
X-XSS-Protection
1; mode=block
Pragma
no-cache
Last-Modified
Thu, 18 Feb 2021 09:05:19 GMT
Server
Apache
X-Frame-Options
DENY
Strict-Transport-Security
max-age=31536000 ; includeSubDomains
Content-Type
text/css
Cache-Control
must-revalidate, no-cache, no-transform, proxy-revalidate, private, max-age=0, s-maxage=0
Accept-Ranges
bytes
Expires
0
my-account.css
travel.spicemoney.com/client/themes-output/default/styles/components/my-account/
490 KB
38 KB
Stylesheet
General
Full URL
https://travel.spicemoney.com/client/themes-output/default/styles/components/my-account/my-account.css
Requested by
Host: travel.spicemoney.com
URL: https://travel.spicemoney.com/pos/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.234.141.178 Mumbai, India, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-234-141-178.ap-south-1.compute.amazonaws.com
Software
Apache /
Resource Hash
1993215ce3a112fc0a023185f49dbe0606a5193e72e7d7c7cc3c9530fc25d61c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://travel.spicemoney.com/pos/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 18 Feb 2021 15:14:15 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
transfer-encoding
chunked
Access-Control-Allow-Methods
POST, GET, OPTIONS, DELETE
Connection
keep-alive
Vary
accept-encoding,origin,access-control-request-headers,access-control-request-method
X-XSS-Protection
1; mode=block
Pragma
no-cache
Last-Modified
Thu, 18 Feb 2021 09:05:20 GMT
Server
Apache
X-Frame-Options
DENY
Access-Control-Max-Age
3600
Strict-Transport-Security
max-age=31536000 ; includeSubDomains
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
must-revalidate, no-cache, no-transform, proxy-revalidate, private, max-age=0, s-maxage=0
Accept-Ranges
bytes
Access-Control-Allow-Headers
x-requested-with, X-Auth-Token, Content-Type
Expires
0
shared-components.css
travel.spicemoney.com/client/themes-output/default/styles/components/commons/components/shared-components/
26 KB
5 KB
Stylesheet
General
Full URL
https://travel.spicemoney.com/client/themes-output/default/styles/components/commons/components/shared-components/shared-components.css
Requested by
Host: travel.spicemoney.com
URL: https://travel.spicemoney.com/pos/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.234.141.178 Mumbai, India, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-234-141-178.ap-south-1.compute.amazonaws.com
Software
Apache /
Resource Hash
412373c7125e5b7ebe4d2cf31ec41133c5a1c678b90b444c94d93b9ac3bc3f63
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://travel.spicemoney.com/pos/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 18 Feb 2021 15:14:15 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
transfer-encoding
chunked
Access-Control-Allow-Methods
POST, GET, OPTIONS, DELETE
Connection
keep-alive
Vary
accept-encoding,origin,access-control-request-headers,access-control-request-method
X-XSS-Protection
1; mode=block
Pragma
no-cache
Last-Modified
Thu, 18 Feb 2021 09:05:20 GMT
Server
Apache
X-Frame-Options
DENY
Access-Control-Max-Age
3600
Strict-Transport-Security
max-age=31536000 ; includeSubDomains
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
must-revalidate, no-cache, no-transform, proxy-revalidate, private, max-age=0, s-maxage=0
Accept-Ranges
bytes
Access-Control-Allow-Headers
x-requested-with, X-Auth-Token, Content-Type
Expires
0
system.js
travel.spicemoney.com/pos/lib/system/
47 KB
16 KB
Script
General
Full URL
https://travel.spicemoney.com/pos/lib/system/system.js
Requested by
Host: travel.spicemoney.com
URL: https://travel.spicemoney.com/pos/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.234.141.178 Mumbai, India, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-234-141-178.ap-south-1.compute.amazonaws.com
Software
Apache /
Resource Hash
6d2ff47c3dfc069db4e94e4f140b397d641ce27b5716cc858641f4c36ef0c14d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://travel.spicemoney.com/pos/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 18 Feb 2021 15:14:14 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
transfer-encoding
chunked
Connection
keep-alive
Vary
accept-encoding,origin,access-control-request-headers,access-control-request-method
X-XSS-Protection
1; mode=block
Pragma
no-cache
Last-Modified
Thu, 18 Feb 2021 09:05:19 GMT
Server
Apache
X-Frame-Options
DENY
Strict-Transport-Security
max-age=31536000 ; includeSubDomains
Content-Type
application/javascript
Cache-Control
must-revalidate, no-cache, no-transform, proxy-revalidate, private, max-age=0, s-maxage=0
Accept-Ranges
bytes
Expires
0
system.config.js
travel.spicemoney.com/pos/client/
17 KB
5 KB
Script
General
Full URL
https://travel.spicemoney.com/pos/client/system.config.js
Requested by
Host: travel.spicemoney.com
URL: https://travel.spicemoney.com/pos/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.234.141.178 Mumbai, India, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-234-141-178.ap-south-1.compute.amazonaws.com
Software
Apache /
Resource Hash
ea64d8f997b298a5f40cda6bb6aaf00d2f05ee069d5c3233f8b58bfa0c3aaa22
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://travel.spicemoney.com/pos/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 18 Feb 2021 15:14:14 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Connection
keep-alive
Vary
accept-encoding,origin,access-control-request-headers,access-control-request-method
Content-Length
4157
X-XSS-Protection
1; mode=block
Pragma
no-cache
Last-Modified
Thu, 18 Feb 2021 09:05:19 GMT
Server
Apache
X-Frame-Options
DENY
Strict-Transport-Security
max-age=31536000 ; includeSubDomains
Content-Type
application/javascript
Cache-Control
must-revalidate, no-cache, no-transform, proxy-revalidate, private, max-age=0, s-maxage=0
Accept-Ranges
bytes
Expires
0
css
fonts.googleapis.com/
11 KB
948 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Raleway:700,500,600|Open+Sans:400,600,700
Requested by
Host: travel.spicemoney.com
URL: https://travel.spicemoney.com/pos/client/themes-output/default/styles/main.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
f123b62c510a68166528bbc002e1656d8afc19e13f21e0af77d9b0afc68aa627
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://travel.spicemoney.com/pos/client/themes-output/default/styles/main.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 18 Feb 2021 15:14:15 GMT
server
ESF
date
Thu, 18 Feb 2021 15:14:15 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 18 Feb 2021 15:14:15 GMT
sessionshare.ajax
travel.spicemoney.com/system/
0
664 B
XHR
General
Full URL
https://travel.spicemoney.com/system/sessionshare.ajax?ACTION_MODE=FETCH_PUBLIC_ADMIN_CONFIGURATIONS
Requested by
Host: travel.spicemoney.com
URL: https://travel.spicemoney.com/pos/lib/xdomain/xdomain.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.234.141.178 Mumbai, India, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-234-141-178.ap-south-1.compute.amazonaws.com
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://travel.spicemoney.com/pos/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 18 Feb 2021 15:14:15 GMT
Server
Apache
Access-Control-Allow-Methods
DELETE, HEAD, GET, OPTIONS, POST, PUT
Cache-Control
must-revalidate, no-cache, no-transform, proxy-revalidate, private, max-age=0, s-maxage=0
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
x-cross-origin-handshake-token, x-requested-with, X-Auth-Token, Content-Type
Content-Length
0
background.jpg
travel.spicemoney.com/pos/client/themes-output/default/images/
155 KB
156 KB
Image
General
Full URL
https://travel.spicemoney.com/pos/client/themes-output/default/images/background.jpg
Requested by
Host: travel.spicemoney.com
URL: https://travel.spicemoney.com/pos/client/themes-output/default/styles/main.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.234.141.178 Mumbai, India, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-234-141-178.ap-south-1.compute.amazonaws.com
Software
Apache /
Resource Hash
953f7deae90e1ede6f2817c651cf871cd43ad6fbecb1a9db981aaa1ad74448bc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://travel.spicemoney.com/pos/client/themes-output/default/styles/main.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 18 Feb 2021 15:14:14 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 18 Feb 2021 09:05:19 GMT
Server
Apache
X-Frame-Options
DENY
Vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
Connection
keep-alive
Content-Type
image/jpeg
Cache-Control
must-revalidate, no-cache, no-transform, proxy-revalidate, private, max-age=0, s-maxage=0
Strict-Transport-Security
max-age=31536000 ; includeSubDomains
Accept-Ranges
bytes
Content-Length
159127
X-XSS-Protection
1; mode=block
Expires
0

24 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object| ontransitionrun
  • object| ontransitionstart
  • object| ontransitioncancel
  • object| cookieStore
  • function| showDirectoryPicker
  • function| showOpenFilePicker
  • function| showSaveFilePicker
  • object| trustedTypes
  • boolean| crossOriginIsolated
  • object| xhook
  • function| xdomain
  • string| platformUrl
  • string| contextPath
  • function| browserSupportsAllFeatures
  • undefined| base
  • function| browserSupportsEs7Features
  • object| System
  • object| SystemJS
  • string| themeName
  • object| httpRequest
  • string| adminConfigUrl
  • function| getAdminConfig
  • function| loadApp
  • function| loadAdminConfig

1 Cookies

Domain/Path Name / Value
travel.spicemoney.com/ Name: JSESSIONID
Value: 6BB627D360EEA70C86C047168E92514A

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block