webapp.spotme.com Open in urlscan Pro
2600:9000:2449:e400:15:876d:8b00:93a1 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://vinci-cybersecweek.net/register
Effective URL:
https://webapp.spotme.com/login/vinci/vinci-cybersecweek-2023
Submission: On September 28 via manual (September 28th 2023, 5:11:21 pm UTC) from GB — Scanned from FR

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 2 domains to perform 12 HTTP transactions. The main IP is 2600:9000:2449:e400:15:876d:8b00:93a1, located in United States and belongs to AMAZON-02, US. The main domain is webapp.spotme.com.
TLS certificate: Issued by Amazon RSA 2048 M02 on November 9th 2022. Valid for: a year.

This is the only time webapp.spotme.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	194.156.202.144 194.156.202.144	47314 (VINCI VINCI) (VINCI VINCI)
8	2600:9000:244... 2600:9000:2449:e400:15:876d:8b00:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2600:9000:239... 2600:9000:2394:9200:11:ce59:ed40:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:225... 2600:9000:2251:4200:4:4236:a580:93a1	16509 (AMAZON-02) (AMAZON-02)
1	18.184.128.211 18.184.128.211	16509 (AMAZON-02) (AMAZON-02)
12	4

1 194.156.202.144 (France) 1 redirects

ASN47314 (VINCI VINCI, FR)

vinci-cybersecweek.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2600:9000:2449:e400:15:876d:8b00:93a1 (United States)

ASN16509 (AMAZON-02, US)

webapp.spotme.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2394:9200:11:ce59:ed40:93a1 (United States)

ASN16509 (AMAZON-02, US)

on.spotme.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2251:4200:4:4236:a580:93a1 (United States)

ASN16509 (AMAZON-02, US)

eu-webapp.spotme.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.184.128.211 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-184-128-211.eu-central-1.compute.amazonaws.com

eu-api.spotme.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	spotme.com webapp.spotme.com on.spotme.com eu-webapp.spotme.com eu-api.spotme.com	1 MB
1	vinci-cybersecweek.net 1 redirects vinci-cybersecweek.net	658 B
12	2

	Domain	Requested by
8	webapp.spotme.com	webapp.spotme.com
2	on.spotme.com	webapp.spotme.com
1	eu-api.spotme.com
1	eu-webapp.spotme.com	webapp.spotme.com
1	vinci-cybersecweek.net	1 redirects
12	5

This site contains no links.

Subject Issuer	Validity	Valid
webapp.spotme.com Amazon RSA 2048 M02	`2022-11-09` - `2023-12-09`	a year	crt.sh
on.spotme.com Amazon RSA 2048 M01	`2023-05-28` - `2024-06-26`	a year	crt.sh
eu-webapp.spotme.com Amazon RSA 2048 M02	`2023-02-28` - `2024-01-08`	10 months	crt.sh
eu-api.spotme.com Amazon RSA 2048 M02	`2023-02-14` - `2023-12-27`	10 months	crt.sh

This page contains 1 frames:

Primary Page: https://webapp.spotme.com/login/vinci/vinci-cybersecweek-2023
Frame ID: 04989406E56EA3465FA5B36051521028
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login | SpotMe

Page URL History Show full URLs

https://vinci-cybersecweek.net/register HTTP 302
https://webapp.spotme.com/login/vinci/vinci-cybersecweek-2023 Page URL

Detected technologies

Vue.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+\sdata-v(?:ue)?-

Page Statistics

12
Requests

100 %
HTTPS

60 %
IPv6

2
Domains

5
Subdomains

4
IPs

3
Countries

1223 kB
Transfer

2794 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://vinci-cybersecweek.net/register HTTP 302
https://webapp.spotme.com/login/vinci/vinci-cybersecweek-2023 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request vinci-cybersecweek-2023 Show response
webapp.spotme.com/login/vinci/
Redirect Chain

https://vinci-cybersecweek.net/register
https://webapp.spotme.com/login/vinci/vinci-cybersecweek-2023

2 KB
2 KB

98ms
21ms

Document
text/html

2600:9000:2449:e400:15:876d:8b00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://webapp.spotme.com/login/vinci/vinci-cybersecweek-2023

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2449:e400:15:876d:8b00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

30af610197cbf35059064fc87fba5ed20d33acc752c88cc7ac541a160b66dede

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://sentry.spotme.com cbl://* https://eu-webapp.spotme.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.mxpnl.com https://fast.appcues.com https://sentry.spotme.com cbl://* https://eu-webapp.spotme.com; style-src 'self' 'unsafe-inline' https://fast.appcues.com https://sentry.spotme.com cbl://* https://eu-webapp.spotme.com; font-src 'self' data: https://sentry.spotme.com cbl://* https://eu-webapp.spotme.com; img-src * data: blob: mediastream: ; media-src * data: blob: mediastream: ; connect-src ; child-src 'self' blob: spotme://; frame-src * spotme://*; form-action 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Security-Policy	default-src 'self' https://sentry.spotme.com cbl://* https://eu-webapp.spotme.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.mxpnl.com https://fast.appcues.com https://sentry.spotme.com cbl://* https://eu-webapp.spotme.com; style-src 'self' 'unsafe-inline' https://fast.appcues.com https://sentry.spotme.com cbl://* https://eu-webapp.spotme.com; font-src 'self' data: https://sentry.spotme.com cbl://* https://eu-webapp.spotme.com; img-src * data: blob: mediastream: ; media-src * data: blob: mediastream: ; connect-src ; child-src 'self' blob: spotme://; frame-src * spotme://*; form-action 'self';
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

age: 227
cache-control: max-age=300 public
content-encoding: gzip
content-security-policy: default-src 'self' https://sentry.spotme.com cbl://* https://eu-webapp.spotme.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.mxpnl.com https://fast.appcues.com https://sentry.spotme.com cbl://* https://eu-webapp.spotme.com; style-src 'self' 'unsafe-inline' https://fast.appcues.com https://sentry.spotme.com cbl://* https://eu-webapp.spotme.com; font-src 'self' data: https://sentry.spotme.com cbl://* https://eu-webapp.spotme.com; img-src * data: blob: mediastream: ; media-src * data: blob: mediastream: ; connect-src *; child-src 'self' blob: spotme://*; frame-src * spotme://*; form-action 'self';
content-type: text/html
date: Thu, 28 Sep 2023 17:09:07 GMT
etag: W/"b82dfa33fc0ed7298c3244ceafe3c8d3"
expires: Thu, 28 Sep 2023 17:12:28 GMT
last-modified: Tue, 26 Sep 2023 05:41:43 GMT
referrer-policy: same-origin
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 cc275df4032e534bfa7c3c156b598f5a.cloudfront.net (CloudFront)
x-amz-cf-id: M3m0uHJxhPZeao-4_zB9WVqiIFHeg1NGfPb0_ResWpjJfWJ-Pw2U2g==
x-amz-cf-pop: AMS58-P6
x-amz-version-id: null
x-cache: Hit from cloudfront
x-content-security-policy: default-src 'self' https://sentry.spotme.com cbl://* https://eu-webapp.spotme.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.mxpnl.com https://fast.appcues.com https://sentry.spotme.com cbl://* https://eu-webapp.spotme.com; style-src 'self' 'unsafe-inline' https://fast.appcues.com https://sentry.spotme.com cbl://* https://eu-webapp.spotme.com; font-src 'self' data: https://sentry.spotme.com cbl://* https://eu-webapp.spotme.com; img-src * data: blob: mediastream: ; media-src * data: blob: mediastream: ; connect-src *; child-src 'self' blob: spotme://*; frame-src * spotme://*; form-action 'self';
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

Redirect headers

Connection: keep-alive
Content-Length: 154
Content-Security-Policy: default-src 'self';
Content-Type: text/html
Date: Thu, 28 Sep 2023 17:11:15 GMT
Feature-Policy: geolocation 'none'; camera 'none'; microphone 'none'
Location: https://webapp.spotme.com/login/vinci/vinci-cybersecweek-2023
Permissions-Policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=()
Referrer-Policy: strict-origin-when-cross-origin
Server: nginx
Strict-Transport-Security: max-age=15768000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block

GET
H2 200 auth.min.css
webapp.spotme.com/webapp/static/1.118.0/css/ 33 KB
8 KB 22ms
21ms Stylesheet
text/css 2600:9000:2449:e400:15:876d:8b00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://webapp.spotme.com/webapp/static/1.118.0/css/auth.min.css

Requested by

Host: webapp.spotme.com
URL: https://webapp.spotme.com/login/vinci/vinci-cybersecweek-2023

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2449:e400:15:876d:8b00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

e1cd4419914b7948ad4df1535a696557785680a0a6ce6b72239f1aca1e377883

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

x-amz-version-id: null
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
content-encoding: gzip
date: Thu, 28 Sep 2023 17:11:01 GMT
via: 1.1 cc275df4032e534bfa7c3c156b598f5a.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P6
age: 18
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 26 Sep 2023 05:41:42 GMT
etag: W/"34a540d254f08fb1a242758ed237431d"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
x-amz-cf-id: BIP4vItkgevci_GLLCR2rouiSkmvyOfu0dVlsYLvgdJTUkFw0NENCQ==
x-content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;

GET
H2 200 auth-v2.min.css
webapp.spotme.com/webapp/static/1.118.0/css/ 53 KB
13 KB 23ms
22ms Stylesheet
text/css 2600:9000:2449:e400:15:876d:8b00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://webapp.spotme.com/webapp/static/1.118.0/css/auth-v2.min.css

Requested by

Host: webapp.spotme.com
URL: https://webapp.spotme.com/login/vinci/vinci-cybersecweek-2023

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2449:e400:15:876d:8b00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

dfcf87d4986db1149412ffe82c31484ecb90f8ae6d086a7ede2d02b169874392

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

x-amz-version-id: null
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
content-encoding: gzip
date: Thu, 28 Sep 2023 17:11:01 GMT
via: 1.1 cc275df4032e534bfa7c3c156b598f5a.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P6
age: 18
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 26 Sep 2023 05:41:42 GMT
etag: W/"a8c14bb70f2284869e9d6c939f0cf6ed"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
x-amz-cf-id: P6h1WebGSMldQuT1FXPqzg0bBRgAZee-XrfyfA7rEcUOKFXQTZ8D5Q==
x-content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;

GET
H2 200 auth.min.js Show response
webapp.spotme.com/webapp/static/1.118.0/js/ 2 MB
340 KB 25ms
25ms Script
application/x-javascript 2600:9000:2449:e400:15:876d:8b00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://webapp.spotme.com/webapp/static/1.118.0/js/auth.min.js

Requested by

Host: webapp.spotme.com
URL: https://webapp.spotme.com/login/vinci/vinci-cybersecweek-2023

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2449:e400:15:876d:8b00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

b5f738e7255bb78557b31f603e8d27bbf589007de99735087a43de22484e4e75

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

x-amz-version-id: null
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
content-encoding: gzip
date: Thu, 28 Sep 2023 17:11:01 GMT
via: 1.1 cc275df4032e534bfa7c3c156b598f5a.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P6
age: 18
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 26 Sep 2023 05:41:42 GMT
etag: W/"c5d25cd6594693914dc69406cfb4a2bc"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-javascript
x-amz-cf-id: HWAtBpl3pIxKmKWA5VS7GNIk96Y7_m1hDkdzRx5cxlOC5Ia2xBCM8w==
x-content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;

GET
H2 200 config Show response
on.spotme.com/api/v1/appservice/assets/vinci/ 7 KB
4 KB 207ms
21ms XHR
application/json 2600:9000:2394:9200:11:ce59:ed40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://on.spotme.com/api/v1/appservice/assets/vinci/config

Requested by

Host: webapp.spotme.com
URL: https://webapp.spotme.com/webapp/static/1.118.0/js/auth.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2394:9200:11:ce59:ed40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

9e5f0d567dbaeb4271ddd77b2142f17694727625666e3b853ffbaa3ce4407078

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
x-content-type-options: nosniff
date: Thu, 28 Sep 2023 17:10:25 GMT
content-encoding: gzip
via: 1.1 397f210a9eb9ec34ba3f1f814bc1a7a2.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P2
age: 51
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: same-origin
etag: W/"1d10-Qgswr3GCo7hdapROwc6cKmobD8g"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://webapp.spotme.com
access-control-allow-credentials: true
x-amz-cf-id: p95v0vw2EZIgjxW0F5RoiEIHK5KXYtCE99QhKyYN8A1hlM3xtEUDjg==
x-content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;

POST
H2 200 invitations Show response
webapp.spotme.com/api/v1/webapp/session/vinci/ 78 B
985 B 46ms
46ms XHR
application/json 2600:9000:2449:e400:15:876d:8b00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://webapp.spotme.com/api/v1/webapp/session/vinci/invitations

Requested by

Host: webapp.spotme.com
URL: https://webapp.spotme.com/webapp/static/1.118.0/js/auth.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2449:e400:15:876d:8b00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

ccc3a9ac48c9c12e03d6f0471d3a6f4e6e4e24ff2c782726ef76d3a534fcc81c

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 28 Sep 2023 17:11:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
content-encoding: gzip
via: 1.1 cc275df4032e534bfa7c3c156b598f5a.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P6
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: same-origin
etag: W/"4e-3sOXleowkDoQ6CFPq+1cWqghxgs"
vary: Origin
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
access-control-allow-origin: https://webapp.spotme.com
access-control-allow-credentials: true
x-amz-cf-id: gJA8VF_EhF8irqvy9IopGOYc5EY1Yo1tRmk26hOtCqjLFrpacf4p8A==
x-content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;

GET
H2 200 vinci-cybersecweek-2023 Show response
webapp.spotme.com/api/v1/appservice/assets/vinci/config/ 114 B
860 B 21ms
20ms XHR
application/json 2600:9000:2449:e400:15:876d:8b00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://webapp.spotme.com/api/v1/appservice/assets/vinci/config/vinci-cybersecweek-2023?url=true

Requested by

Host: webapp.spotme.com
URL: https://webapp.spotme.com/webapp/static/1.118.0/js/auth.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2449:e400:15:876d:8b00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

80ccdc0dc06678e0f0f38481c4efb0b34852b25504dc7ba5aa664191efe7a18c

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
x-content-type-options: nosniff
date: Thu, 28 Sep 2023 17:09:08 GMT
content-encoding: gzip
via: 1.1 cc275df4032e534bfa7c3c156b598f5a.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P6
age: 211
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: same-origin
etag: W/"72-ut+kATYpalxADahcalML+mjiCcA"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,Origin
content-type: application/json; charset=utf-8
cache-control: max-age=300
access-control-allow-credentials: true
x-amz-cf-id: LElBo9nz1lyv7vTv7edpIPWISKps6TiXDTQtbz_REiLEtPykIToiFA==
x-content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;

GET
H2 200 registration Show response
eu-webapp.spotme.com/api/v1/public/eid/e96da0ed7ab1f932c93af4b095c63977/ 21 KB
9 KB 150ms
85ms XHR
application/json 2600:9000:2251:4200:4:4236:a580:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://eu-webapp.spotme.com/api/v1/public/eid/e96da0ed7ab1f932c93af4b095c63977/registration

Requested by

Host: webapp.spotme.com
URL: https://webapp.spotme.com/webapp/static/1.118.0/js/auth.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2251:4200:4:4236:a580:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

8ead7cbd0bca870dff39c74e04f3a2ad5bccfad8ec5ae269f06e5de1ed3828f4

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 17:11:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
content-encoding: gzip
via: 1.1 2a44338adc8233e5b25aca28287a69c8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P3
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: same-origin
etag: W/"53da-UjuZZpD+gTriE+/Fx5CUCIoEDUQ"
x-frame-options: SAMEORIGIN
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://webapp.spotme.com
cache-control: max-age=300
access-control-allow-credentials: true
x-amz-cf-id: hjEgDxGCQPwxRIxrICzLtcB2qXsDif8_JIMmgKFnCvc0OnZJ5B8zwQ==
x-content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;

GET
H2 200 49B3VD Show response
on.spotme.com/api/v1/legal/requirements/vinci/ 19 B
757 B 56ms
55ms XHR
application/json 2600:9000:2394:9200:11:ce59:ed40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://on.spotme.com/api/v1/legal/requirements/vinci/49B3VD?all=true

Requested by

Host: webapp.spotme.com
URL: https://webapp.spotme.com/webapp/static/1.118.0/js/auth.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2394:9200:11:ce59:ed40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

1061b645f6e505401934ff4aa283d34abe8f4cc4f9bda053eddedd4372f7d0f9

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
x-content-type-options: nosniff
date: Thu, 28 Sep 2023 17:11:16 GMT
via: 1.1 397f210a9eb9ec34ba3f1f814bc1a7a2.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P2
x-cache: RefreshHit from cloudfront
content-length: 19
x-xss-protection: 1; mode=block
referrer-policy: same-origin
etag: W/"13-VlhCyXm56tDny5rxsHysV1sEBMQ"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://webapp.spotme.com
access-control-allow-credentials: true
x-amz-cf-id: kvUlcsnrFoxYxOagm3w7cxSYTlJoFmMEwmsxTUeJm13CdfAttUGFbA==
x-content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;

GET
H2 200 banner
webapp.spotme.com/api/v1/appservice/assets/vinci/config/vinci-cybersecweek-2023/ 770 KB
772 KB 25ms
24ms Image
image/png 2600:9000:2449:e400:15:876d:8b00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://webapp.spotme.com/api/v1/appservice/assets/vinci/config/vinci-cybersecweek-2023/banner

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2449:e400:15:876d:8b00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

baa66a18ee410a60bcbe92c16d8254648e12bcc7ccdec313b423cd44e4e702b2

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
x-content-type-options: nosniff, nosniff
date: Thu, 28 Sep 2023 17:09:08 GMT
via: 1.1 cc275df4032e534bfa7c3c156b598f5a.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P6
age: 227
x-cache: Hit from cloudfront
content-disposition: attachment; filename=banner
content-length: 788645
x-xss-protection: 1; mode=block, 1; mode=block
referrer-policy: same-origin, same-origin
last-modified: Mon, 04 Sep 2023 06:37:34 GMT
etag: "66ff63c1a3e40d94f7c3b0027ebe0e63"
x-frame-options: SAMEORIGIN, SAMEORIGIN
vary: Accept-Encoding,Origin
content-type: image/png
cache-control: max-age=300
access-control-allow-credentials: true
accept-ranges: none, bytes
x-amz-cf-id: dcbx8IO1txJI2ZtG_vY6MbgOGgtPw__mbpiIr5mzchXtHyp3AEr1FA==
x-content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;

GET
H2 200 event-icon
eu-api.spotme.com/api/v1/eid/e96da0ed7ab1f932c93af4b095c63977/ 69 KB
70 KB 153ms
50ms Image
image/png 18.184.128.211
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://eu-api.spotme.com/api/v1/eid/e96da0ed7ab1f932c93af4b095c63977/event-icon

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.184.128.211 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-184-128-211.eu-central-1.compute.amazonaws.com

Software

Resource Hash

ecba40d8f1524ae5a9d84871b4db09aaf297148ef70b9c41cd6db8ec03c26cb0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 17:11:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
referrer-policy: same-origin
last-modified: Tue, 29 Aug 2023 08:32:22 GMT
etag: "ebdeed784e7d73240bda3e427615326a"
x-cache-status: HIT
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=86400, max-age=300
accept-ranges: none, bytes
content-length: 70958
x-xss-protection: 1; mode=block

GET
H2 200 auth.woff
webapp.spotme.com/webapp/static/1.118.0/fonts/ 2 KB
2 KB 48ms
48ms Font
application/octet-stream 2600:9000:2449:e400:15:876d:8b00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://webapp.spotme.com/webapp/static/1.118.0/fonts/auth.woff

Requested by

Host: webapp.spotme.com
URL: https://webapp.spotme.com/webapp/static/1.118.0/css/auth-v2.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2449:e400:15:876d:8b00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

5e1b75e35331f8174be269e74652ae7cb6293c02ee68c5296222a80ef5a49df9

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://webapp.spotme.com/webapp/static/1.118.0/css/auth-v2.min.css
Origin: https://webapp.spotme.com
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

x-amz-version-id: null
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;
via: 1.1 cc275df4032e534bfa7c3c156b598f5a.cloudfront.net (CloudFront)
date: Thu, 28 Sep 2023 17:10:26 GMT
x-amz-cf-pop: AMS58-P6
age: 50
x-cache: Hit from cloudfront
content-length: 1760
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 26 Sep 2023 05:41:42 GMT
etag: "106c67b47f1457953063ceebba3089f5"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: toVOwRUqE7M5R67japnCnOkH6YMoGcK2626y706YF_sAEK9B4EoiHg==
x-content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; font-src 'self' data:; img-src * data: blob:;

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.webapp.spotme.com/	1970-01-20 15:25:30	Name: webapp_vinci Value: XP6bu9UMmIR2mum4rqJUTsaFINM%253D1695921076186TZN0rDeY6riCK0UW8euhTA%253D%253D
			webapp.spotme.com/	1970-01-20 15:06:47	Name: _branding Value: vinci

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' https://sentry.spotme.com cbl://* https://eu-webapp.spotme.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.mxpnl.com https://fast.appcues.com https://sentry.spotme.com cbl://* https://eu-webapp.spotme.com; style-src 'self' 'unsafe-inline' https://fast.appcues.com https://sentry.spotme.com cbl://* https://eu-webapp.spotme.com; font-src 'self' data: https://sentry.spotme.com cbl://* https://eu-webapp.spotme.com; img-src * data: blob: mediastream: ; media-src * data: blob: mediastream: ; connect-src ; child-src 'self' blob: spotme://; frame-src * spotme://*; form-action 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Security-Policy	default-src 'self' https://sentry.spotme.com cbl://* https://eu-webapp.spotme.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.mxpnl.com https://fast.appcues.com https://sentry.spotme.com cbl://* https://eu-webapp.spotme.com; style-src 'self' 'unsafe-inline' https://fast.appcues.com https://sentry.spotme.com cbl://* https://eu-webapp.spotme.com; font-src 'self' data: https://sentry.spotme.com cbl://* https://eu-webapp.spotme.com; img-src * data: blob: mediastream: ; media-src * data: blob: mediastream: ; connect-src ; child-src 'self' blob: spotme://; frame-src * spotme://*; form-action 'self';
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

eu-api.spotme.com
eu-webapp.spotme.com
on.spotme.com
vinci-cybersecweek.net
webapp.spotme.com
18.184.128.211
194.156.202.144
2600:9000:2251:4200:4:4236:a580:93a1
2600:9000:2394:9200:11:ce59:ed40:93a1
2600:9000:2449:e400:15:876d:8b00:93a1
1061b645f6e505401934ff4aa283d34abe8f4cc4f9bda053eddedd4372f7d0f9
30af610197cbf35059064fc87fba5ed20d33acc752c88cc7ac541a160b66dede
5e1b75e35331f8174be269e74652ae7cb6293c02ee68c5296222a80ef5a49df9
80ccdc0dc06678e0f0f38481c4efb0b34852b25504dc7ba5aa664191efe7a18c
8ead7cbd0bca870dff39c74e04f3a2ad5bccfad8ec5ae269f06e5de1ed3828f4
9e5f0d567dbaeb4271ddd77b2142f17694727625666e3b853ffbaa3ce4407078
b5f738e7255bb78557b31f603e8d27bbf589007de99735087a43de22484e4e75
baa66a18ee410a60bcbe92c16d8254648e12bcc7ccdec313b423cd44e4e702b2
ccc3a9ac48c9c12e03d6f0471d3a6f4e6e4e24ff2c782726ef76d3a534fcc81c
dfcf87d4986db1149412ffe82c31484ecb90f8ae6d086a7ede2d02b169874392
e1cd4419914b7948ad4df1535a696557785680a0a6ce6b72239f1aca1e377883
ecba40d8f1524ae5a9d84871b4db09aaf297148ef70b9c41cd6db8ec03c26cb0

webapp.spotme.com Open in urlscan Pro 2600:9000:2449:e400:15:876d:8b00:93a1 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

12 Requests

100 %HTTPS

60 %IPv6

2 Domains

5 Subdomains

4 IPs

3 Countries

1223 kBTransfer

2794 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

2 Cookies

Security Headers

Indicators

webapp.spotme.com Open in urlscan Pro
2600:9000:2449:e400:15:876d:8b00:93a1 Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

100 %
HTTPS

60 %
IPv6

2
Domains

5
Subdomains

4
IPs

3
Countries

1223 kB
Transfer

2794 kB
Size

2
Cookies

12 HTTP transactions
0 data transactions