urlscan.io logo urlscan.io
SecurityTrails logo

open.spotify.com Open in urlscan Pro
2600:1901:1:c36::  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://www.incontrol.theweightrock.com/
Effective URL: https://open.spotify.com/album/5zdyJ1tIuyuSW8o67GnglS
Submission: On August 31 via automatic, source certstream-suspicious
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 7 IPs in 2 countries across 6 domains to perform 18 HTTP transactions. The main IP is 2600:1901:1:c36::, located in United States and belongs to GOOGLE, US. The main domain is open.spotify.com.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on May 3rd 2021. Valid for: a year.
This is the only time open.spotify.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 85.13.139.171 34788 (NMM-AS D)
1 2600:1901:1:c... 15169 (GOOGLE)
9 2a04:4e42:f::760 54113 (FASTLY)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
18 7
1    85.13.139.171 (Loebau, Germany)

ASN34788 (NMM-AS D - 02742 Friedersdorf Hauptstrasse 68, DE)
PTR: dd46616.kasserver.com
www.incontrol.theweightrock.com
1    2600:1901:1:c36:: (United States)

ASN15169 (GOOGLE, US)
open.spotify.com
9    2a04:4e42:f::760 (United States)

ASN54113 (FASTLY, US)
open.scdn.co
1    2a00:1450:4001:803::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googleoptimize.com
1    2a00:1450:4001:82b::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
3    2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
2    2a00:1450:4001:801::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
Domain Requested by
9 open.scdn.co open.spotify.com
3 www.gstatic.com www.google.com
3 www.google.com open.spotify.com
www.gstatic.com
1 www.googleoptimize.com open.spotify.com
1 open.spotify.com
1 www.incontrol.theweightrock.com 1 redirects
18 6

This site contains no links.

Subject Issuer Validity Valid
*.spotify.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-05-03 -
2022-05-03		 a year crt.sh
*.scdn.co
DigiCert TLS RSA SHA256 2020 CA1		 2021-08-06 -
2022-09-02		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2021-08-16 -
2021-11-08		 3 months crt.sh
www.google.com
GTS CA 1C3		 2021-08-16 -
2021-11-08		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2021-08-16 -
2021-11-08		 3 months crt.sh
*.google.com
GTS CA 1C3		 2021-08-16 -
2021-11-08		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://open.spotify.com/album/5zdyJ1tIuyuSW8o67GnglS
Frame ID: C6AD1A762EA61DF0DA039C4C6DDE67EB
Requests: 14 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LfCVLAUAAAAALFwwRnnCJ12DalriUGbj8FW_J39&co=aHR0cHM6Ly9vcGVuLnNwb3RpZnkuY29tOjQ0Mw..&hl=en&v=Q_rrUPkK1sXoHi4wbuDTgcQR&size=invisible&cb=unrd1e668j4t
Frame ID: 792DAE569F79C650A91DC8137704F849
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

In Control - Album by The Weight | Spotify

Page URL History Show full URLs

  1. https://www.incontrol.theweightrock.com/ HTTP 307
    https://open.spotify.com/album/5zdyJ1tIuyuSW8o67GnglS Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^envoy$/i

Page Statistics

18
Requests

94 %
HTTPS

86 %
IPv6

6
Domains

6
Subdomains

7
IPs

2
Countries

1812 kB
Transfer

6183 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.incontrol.theweightrock.com/ HTTP 307
    https://open.spotify.com/album/5zdyJ1tIuyuSW8o67GnglS Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request 5zdyJ1tIuyuSW8o67GnglS
open.spotify.com/album/
Redirect Chain
  • https://www.incontrol.theweightrock.com/
  • https://open.spotify.com/album/5zdyJ1tIuyuSW8o67GnglS
79 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://open.spotify.com/album/5zdyJ1tIuyuSW8o67GnglS
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
envoy /
Resource Hash
586047838ef6d9e6f28e1bba058cbec0a0b55c9346d27fd884b0352712df1e8a
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-eval' blob: open.scdn.co open-review.scdn.co quicksilver.scdn.co www.google-analytics.com www.googletagmanager.com static.ads-twitter.com analytics.twitter.com s.pinimg.com sc-static.net https://www.google.com/recaptcha/ cdn.ravenjs.com connect.facebook.net www.gstatic.com sb.scorecardresearch.com pixel-static.spotify.com https://s3.amazonaws.com/ki.js/51746/b0R.js turbo.qualaroo.com optimize.google.com cdn.cookielaw.org geolocation.onetrust.com www.googleoptimize.com www.fastly-insights.com static.hotjar.com script.hotjar.com https://www.googleadservices.com/pagead/conversion_async.js https://www.googleadservices.com/pagead/conversion/938675917/ https://analytics.tiktok.com/i18n/pixel/sdk.js https://www.redditstatic.com/ads/pixel.js 'sha256-WfsTi7oVogdF9vq5d14s2birjvCglqWF842fyHhzoNw=' 'sha256-KRzjHxCdT8icNaDOqPBdY0AlKiIh5F8r4bnbe1PQwss='; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

:method
GET
:authority
open.spotify.com
:scheme
https
:path
/album/5zdyJ1tIuyuSW8o67GnglS
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

server
envoy
date
Tue, 31 Aug 2021 22:19:20 GMT
content-type
text/html; charset=utf-8
vary
Accept-Encoding
spotify-request-id
84676ea1-9d3a-4a78-aedd-124e2a396666
set-cookie
sp_t=b332185e2368db2837a5e448ae1eb14e; path=/; expires=Wed, 31 Aug 2022 22:19:20 GMT; domain=.spotify.com; samesite=none; secure sp_landing=https%3A%2F%2Fopen.spotify.com%2Falbum%2F5zdyJ1tIuyuSW8o67GnglS; path=/; expires=Wed, 01 Sep 2021 22:19:20 GMT; domain=.spotify.com; samesite=none; secure; httponly
content-security-policy
script-src 'self' 'unsafe-eval' blob: open.scdn.co open-review.scdn.co quicksilver.scdn.co www.google-analytics.com www.googletagmanager.com static.ads-twitter.com analytics.twitter.com s.pinimg.com sc-static.net https://www.google.com/recaptcha/ cdn.ravenjs.com connect.facebook.net www.gstatic.com sb.scorecardresearch.com pixel-static.spotify.com https://s3.amazonaws.com/ki.js/51746/b0R.js turbo.qualaroo.com optimize.google.com cdn.cookielaw.org geolocation.onetrust.com www.googleoptimize.com www.fastly-insights.com static.hotjar.com script.hotjar.com https://www.googleadservices.com/pagead/conversion_async.js https://www.googleadservices.com/pagead/conversion/938675917/ https://analytics.tiktok.com/i18n/pixel/sdk.js https://www.redditstatic.com/ads/pixel.js 'sha256-WfsTi7oVogdF9vq5d14s2birjvCglqWF842fyHhzoNw=' 'sha256-KRzjHxCdT8icNaDOqPBdY0AlKiIh5F8r4bnbe1PQwss='; frame-ancestors 'self';
x-spotify-open-index
true
content-encoding
br
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
via
HTTP/2 edgeproxy, 1.1 google
alt-svc
clear

Redirect headers

date
Tue, 31 Aug 2021 22:19:20 GMT
server
Apache
location
https://open.spotify.com/album/5zdyJ1tIuyuSW8o67GnglS
content-length
263
content-type
text/html; charset=iso-8859-1
CircularSpUIv3T-Book.3466e0ec.woff2
open.scdn.co/cdn/fonts/ 		67 KB
68 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://open.scdn.co/cdn/fonts/CircularSpUIv3T-Book.3466e0ec.woff2
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/album/5zdyJ1tIuyuSW8o67GnglS
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:f::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
1e9022d2e68559c3306657470dc8b02a28508564a67a45d70012205aca3eba47

Request headers

Origin
https://open.spotify.com
Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Tue, 31 Aug 2021 22:19:20 GMT
Last-Modified
Tue, 08 Jun 2021 09:36:33 GMT
Age
7298952
ETag
"6ff898ba447ac00bc6e457d25bcb0be8"
X-Served-By
cache-ord1727-ORD, cache-lhr7331-LHR
X-Cache
HIT, HIT
Content-Type
application/octet-stream
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
68852
X-Cache-Hits
10, 36071
CircularSpUIv3T-Bold.8d0a45cc.woff2
open.scdn.co/cdn/fonts/ 		71 KB
72 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://open.scdn.co/cdn/fonts/CircularSpUIv3T-Bold.8d0a45cc.woff2
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/album/5zdyJ1tIuyuSW8o67GnglS
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:f::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
897cda707d438f8d6b6b92cfcb2c1fd2035ff59f5f0c5b9943d2f04d411f7fda

Request headers

Origin
https://open.spotify.com
Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Tue, 31 Aug 2021 22:19:20 GMT
Last-Modified
Wed, 09 Jun 2021 07:50:22 GMT
Age
7221068
ETag
"c147cc237b8b07e0a8875dfbbe857b29"
X-Served-By
cache-ord1738-ORD, cache-lhr7365-LHR
X-Cache
HIT, HIT
Content-Type
application/octet-stream
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
72840
X-Cache-Hits
1, 84977
CircularSpUIv3T-Light.afd9ab26.woff2
open.scdn.co/cdn/fonts/ 		64 KB
64 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://open.scdn.co/cdn/fonts/CircularSpUIv3T-Light.afd9ab26.woff2
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/album/5zdyJ1tIuyuSW8o67GnglS
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:f::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
db22b70f8948a77fbd54101dd8f3abcc4edc218effb29dabbbcc0e32c97aa1f9

Request headers

Origin
https://open.spotify.com
Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Tue, 31 Aug 2021 22:19:20 GMT
Last-Modified
Tue, 08 Jun 2021 09:36:33 GMT
Age
7298954
ETag
"fa8473268d2eac34c88a9a6ccf214f43"
X-Served-By
cache-ord1740-ORD, cache-lhr7364-LHR
X-Cache
HIT, HIT
Content-Type
application/octet-stream
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
65408
X-Cache-Hits
2, 37111
spoticon_regular_2.d319d911.woff2
open.scdn.co/cdn/fonts/ 		56 KB
56 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://open.scdn.co/cdn/fonts/spoticon_regular_2.d319d911.woff2
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/album/5zdyJ1tIuyuSW8o67GnglS
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:f::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
d728648c3e1d90bf50f0e988787ce26ea1111fa697b0a9daeb95d6724842a9c1

Request headers

Origin
https://open.spotify.com
Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Tue, 31 Aug 2021 22:19:20 GMT
Last-Modified
Thu, 10 Jun 2021 07:55:14 GMT
Age
7136632
ETag
"3b7bbfac9ed3e75d426728e900579aa9"
X-Served-By
cache-ord1744-ORD, cache-lhr7333-LHR
X-Cache
HIT, HIT
Content-Type
application/octet-stream
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
56996
X-Cache-Hits
1, 89774
web-player.df4b22c0.css
open.scdn.co/cdn/build/web-player/ 		238 KB
47 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://open.scdn.co/cdn/build/web-player/web-player.df4b22c0.css
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/album/5zdyJ1tIuyuSW8o67GnglS
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:f::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
3ff7ebb36784a2f31149de7be0936bdab682105c71b6c51358bd6d8bf4bba1c8

Request headers

Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Tue, 31 Aug 2021 22:19:20 GMT
Content-Encoding
gzip
Last-Modified
Tue, 31 Aug 2021 13:55:39 GMT
Age
30103
ETag
"3ee8375170146da99a4535ac5ac692e1"
X-Served-By
cache-ord1738-ORD, cache-lhr7368-LHR
X-Cache
HIT, HIT
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
48055
X-Cache-Hits
10, 1149
vendor~web-player.ced44631.css
open.scdn.co/cdn/build/web-player/ 		37 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://open.scdn.co/cdn/build/web-player/vendor~web-player.ced44631.css
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/album/5zdyJ1tIuyuSW8o67GnglS
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:f::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ba3c056cc07e7f138b6e1ae00a176292481c18acc90074fb8b8166352802f8d3

Request headers

Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Tue, 31 Aug 2021 22:19:20 GMT
Content-Encoding
gzip
Last-Modified
Fri, 27 Aug 2021 07:48:26 GMT
Age
397653
ETag
"4ca29dea8c5dca1d27a602c65481d40b"
X-Served-By
cache-ord1740-ORD, cache-lhr7352-LHR
X-Cache
HIT, HIT
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
5065
X-Cache-Hits
1, 8610
optimize.js
www.googleoptimize.com/ 		97 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleoptimize.com/optimize.js?id=GTM-W53X654
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/album/5zdyJ1tIuyuSW8o67GnglS
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
d37ef89c18edc439aa343cbe8e920e6bc0f4b52eecdd6de9d48be83beeab7b10
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 31 Aug 2021 22:19:20 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39233
x-xss-protection
0
last-modified
Tue, 31 Aug 2021 21:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 31 Aug 2021 22:19:20 GMT
gtm.6d498f08.js
open.scdn.co/cdn/js/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://open.scdn.co/cdn/js/gtm.6d498f08.js
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/album/5zdyJ1tIuyuSW8o67GnglS
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:f::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
99c2c81a5a0306fb4dd75f214c9d76581557b8ee6e4f0ce1b26d9203c1abe72e

Request headers

Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Tue, 31 Aug 2021 22:19:20 GMT
Content-Encoding
gzip
Last-Modified
Tue, 08 Jun 2021 09:36:34 GMT
Age
7161394
ETag
"a309745f6cb8bf626cfff7e4c0fa6898"
X-Served-By
cache-ord1727-ORD, cache-lhr7368-LHR
X-Cache
HIT, HIT
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
1181
X-Cache-Hits
2, 24027
enterprise.js
www.google.com/recaptcha/ 		974 B
719 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/enterprise.js?render=6LfCVLAUAAAAALFwwRnnCJ12DalriUGbj8FW_J39
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/album/5zdyJ1tIuyuSW8o67GnglS
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
f27eabcba561cbf3c33943e216ff2773dea5402ae561f0a3cf8d0943d3b24544
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 31 Aug 2021 22:19:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
content-security-policy
frame-ancestors 'self'
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
617
x-xss-protection
1; mode=block
expires
Tue, 31 Aug 2021 22:19:20 GMT
web-player.b3053da9.js
open.scdn.co/cdn/build/web-player/ 		2 MB
468 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://open.scdn.co/cdn/build/web-player/web-player.b3053da9.js
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/album/5zdyJ1tIuyuSW8o67GnglS
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:f::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
8ae0f9529aefed0b2ad27e39b427ddd7c694ee51ffe4800fa31a5d0d13786d3a

Request headers

Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Tue, 31 Aug 2021 22:19:20 GMT
Content-Encoding
gzip
Last-Modified
Tue, 31 Aug 2021 21:36:18 GMT
Age
2509
ETag
"879000222d09bddc7d721d141f3eeae6"
X-Served-By
cache-ord1736-ORD, cache-lhr7374-LHR
X-Cache
HIT, HIT
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
479261
X-Cache-Hits
1, 85
vendor~web-player.2db5b0b1.js
open.scdn.co/cdn/build/web-player/ 		3 MB
664 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://open.scdn.co/cdn/build/web-player/vendor~web-player.2db5b0b1.js
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/album/5zdyJ1tIuyuSW8o67GnglS
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:f::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ab9c5c6b40e0ece71dc8f4fb00a28fcdd90016a83b89ad0790a377a48ec50dde

Request headers

Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Tue, 31 Aug 2021 22:19:20 GMT
Content-Encoding
gzip
Last-Modified
Tue, 31 Aug 2021 21:36:17 GMT
Age
2509
ETag
"ec98707bb9b2f05de5b837e41949140b"
X-Served-By
cache-ord1738-ORD, cache-lhr7326-LHR
X-Cache
HIT, HIT
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
679212
X-Cache-Hits
1, 25
recaptcha__en.js
www.gstatic.com/recaptcha/releases/Q_rrUPkK1sXoHi4wbuDTgcQR/ 		340 KB
132 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/Q_rrUPkK1sXoHi4wbuDTgcQR/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise.js?render=6LfCVLAUAAAAALFwwRnnCJ12DalriUGbj8FW_J39
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4fdb97f4c7f832b7b6c32c1e08aa06f3f1a04a8237f8847648793f3ce277edbd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://open.spotify.com
Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Mon, 30 Aug 2021 15:30:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
110951
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
135330
x-xss-protection
0
last-modified
Mon, 23 Aug 2021 04:03:35 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 30 Aug 2022 15:30:09 GMT
anchor
www.google.com/recaptcha/enterprise/ Frame 792D 		39 KB
19 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LfCVLAUAAAAALFwwRnnCJ12DalriUGbj8FW_J39&co=aHR0cHM6Ly9vcGVuLnNwb3RpZnkuY29tOjQ0Mw..&hl=en&v=Q_rrUPkK1sXoHi4wbuDTgcQR&size=invisible&cb=unrd1e668j4t
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/Q_rrUPkK1sXoHi4wbuDTgcQR/recaptcha__en.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
c0d1f07914d64cf3830528329927ad9577d46cc6a353c83601f94ae8ff51c205
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-FSDaMPHpbK6h0yaUjrckAg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/recaptcha/enterprise/anchor?ar=1&k=6LfCVLAUAAAAALFwwRnnCJ12DalriUGbj8FW_J39&co=aHR0cHM6Ly9vcGVuLnNwb3RpZnkuY29tOjQ0Mw..&hl=en&v=Q_rrUPkK1sXoHi4wbuDTgcQR&size=invisible&cb=unrd1e668j4t
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://open.spotify.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer
https://open.spotify.com/

Response headers

content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Tue, 31 Aug 2021 22:19:21 GMT
content-security-policy
script-src 'report-sample' 'nonce-FSDaMPHpbK6h0yaUjrckAg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
19872
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
3d195611-1156-4b64-af93-32573f946477
https://open.spotify.com/ 		50 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://open.spotify.com/3d195611-1156-4b64-af93-32573f946477
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/album/5zdyJ1tIuyuSW8o67GnglS
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7ef7aa8014cd28b1785ddc88c0b0bf8356766798f63b4ef4896f7827b2389a96

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Length
51439
styles__ltr.css
www.gstatic.com/recaptcha/releases/Q_rrUPkK1sXoHi4wbuDTgcQR/ Frame 792D 		52 KB
25 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/Q_rrUPkK1sXoHi4wbuDTgcQR/styles__ltr.css
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LfCVLAUAAAAALFwwRnnCJ12DalriUGbj8FW_J39&co=aHR0cHM6Ly9vcGVuLnNwb3RpZnkuY29tOjQ0Mw..&hl=en&v=Q_rrUPkK1sXoHi4wbuDTgcQR&size=invisible&cb=unrd1e668j4t
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5fe20047c1cc1be61a786d56c5c02b96453b9c60656d6c8429a1add79017e47f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 31 Aug 2021 16:26:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
21170
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
25732
x-xss-protection
0
last-modified
Mon, 23 Aug 2021 04:03:35 GMT
server
sffe
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 31 Aug 2022 16:26:31 GMT
recaptcha__en.js
www.gstatic.com/recaptcha/releases/Q_rrUPkK1sXoHi4wbuDTgcQR/ Frame 792D 		340 KB
132 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/Q_rrUPkK1sXoHi4wbuDTgcQR/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LfCVLAUAAAAALFwwRnnCJ12DalriUGbj8FW_J39&co=aHR0cHM6Ly9vcGVuLnNwb3RpZnkuY29tOjQ0Mw..&hl=en&v=Q_rrUPkK1sXoHi4wbuDTgcQR&size=invisible&cb=unrd1e668j4t
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4fdb97f4c7f832b7b6c32c1e08aa06f3f1a04a8237f8847648793f3ce277edbd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Mon, 30 Aug 2021 15:30:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
110952
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
135330
x-xss-protection
0
last-modified
Mon, 23 Aug 2021 04:03:35 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 30 Aug 2022 15:30:09 GMT
webworker.js
www.google.com/recaptcha/enterprise/ Frame 792D 		102 B
132 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/enterprise/webworker.js?hl=en&v=Q_rrUPkK1sXoHi4wbuDTgcQR
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
cbc0e03691e5e7313ecf467ac3a50c7d78f6ee259c490c0ded16707330da81fa
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LfCVLAUAAAAALFwwRnnCJ12DalriUGbj8FW_J39&co=aHR0cHM6Ly9vcGVuLnNwb3RpZnkuY29tOjQ0Mw..&hl=en&v=Q_rrUPkK1sXoHi4wbuDTgcQR&size=invisible&cb=unrd1e668j4t
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 31 Aug 2021 22:19:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
content-security-policy
frame-ancestors 'self'
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
112
x-xss-protection
1; mode=block
expires
Tue, 31 Aug 2021 22:19:21 GMT

Verdicts & Comments Add Verdict or Comment

33 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| recaptcha object| webpackChunkopen function| setImmediate function| clearImmediate object| __SENTRY__ object| platform function| OverlayScrollbars function| Mousetrap object| google_tag_manager object| dataLayer object| google_optimize function| ownKeys function| _objectSpread function| _defineProperty function| gtag object| closure_lm_489997

3 Cookies

Domain/Path Name / Value
.spotify.com/ Name: sp_landing
Value: https%3A%2F%2Fopen.spotify.com%2Falbum%2F5zdyJ1tIuyuSW8o67GnglS
.spotify.com/ Name: sp_t
Value: b332185e2368db2837a5e448ae1eb14e
open.spotify.com/album Name: loglevel
Value: WARN

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy script-src 'self' 'unsafe-eval' blob: open.scdn.co open-review.scdn.co quicksilver.scdn.co www.google-analytics.com www.googletagmanager.com static.ads-twitter.com analytics.twitter.com s.pinimg.com sc-static.net https://www.google.com/recaptcha/ cdn.ravenjs.com connect.facebook.net www.gstatic.com sb.scorecardresearch.com pixel-static.spotify.com https://s3.amazonaws.com/ki.js/51746/b0R.js turbo.qualaroo.com optimize.google.com cdn.cookielaw.org geolocation.onetrust.com www.googleoptimize.com www.fastly-insights.com static.hotjar.com script.hotjar.com https://www.googleadservices.com/pagead/conversion_async.js https://www.googleadservices.com/pagead/conversion/938675917/ https://analytics.tiktok.com/i18n/pixel/sdk.js https://www.redditstatic.com/ads/pixel.js 'sha256-WfsTi7oVogdF9vq5d14s2birjvCglqWF842fyHhzoNw=' 'sha256-KRzjHxCdT8icNaDOqPBdY0AlKiIh5F8r4bnbe1PQwss='; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

open.scdn.co
open.spotify.com
www.google.com
www.googleoptimize.com
www.gstatic.com
www.incontrol.theweightrock.com
2600:1901:1:c36::
2a00:1450:4001:801::2004
2a00:1450:4001:803::200e
2a00:1450:4001:827::2003
2a00:1450:4001:82b::2004
2a04:4e42:f::760
85.13.139.171
1e9022d2e68559c3306657470dc8b02a28508564a67a45d70012205aca3eba47
3ff7ebb36784a2f31149de7be0936bdab682105c71b6c51358bd6d8bf4bba1c8
4fdb97f4c7f832b7b6c32c1e08aa06f3f1a04a8237f8847648793f3ce277edbd
586047838ef6d9e6f28e1bba058cbec0a0b55c9346d27fd884b0352712df1e8a
5fe20047c1cc1be61a786d56c5c02b96453b9c60656d6c8429a1add79017e47f
7ef7aa8014cd28b1785ddc88c0b0bf8356766798f63b4ef4896f7827b2389a96
897cda707d438f8d6b6b92cfcb2c1fd2035ff59f5f0c5b9943d2f04d411f7fda
8ae0f9529aefed0b2ad27e39b427ddd7c694ee51ffe4800fa31a5d0d13786d3a
99c2c81a5a0306fb4dd75f214c9d76581557b8ee6e4f0ce1b26d9203c1abe72e
ab9c5c6b40e0ece71dc8f4fb00a28fcdd90016a83b89ad0790a377a48ec50dde
ba3c056cc07e7f138b6e1ae00a176292481c18acc90074fb8b8166352802f8d3
c0d1f07914d64cf3830528329927ad9577d46cc6a353c83601f94ae8ff51c205
cbc0e03691e5e7313ecf467ac3a50c7d78f6ee259c490c0ded16707330da81fa
d37ef89c18edc439aa343cbe8e920e6bc0f4b52eecdd6de9d48be83beeab7b10
d728648c3e1d90bf50f0e988787ce26ea1111fa697b0a9daeb95d6724842a9c1
db22b70f8948a77fbd54101dd8f3abcc4edc218effb29dabbbcc0e32c97aa1f9
f27eabcba561cbf3c33943e216ff2773dea5402ae561f0a3cf8d0943d3b24544