urlscan.io logo urlscan.io
SecurityTrails logo

open.spotify.com Open in urlscan Pro
2600:1901:1:c36::  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://www.incontrol.theweightrock.com/
Effective URL: https://open.spotify.com/album/5zdyJ1tIuyuSW8o67GnglS
Submission: On May 04 via automatic, source certstream-suspicious
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 3 countries across 6 domains to perform 19 HTTP transactions. The main IP is 2600:1901:1:c36::, located in United States and belongs to GOOGLE, US. The main domain is open.spotify.com.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on May 3rd 2021. Valid for: a year.
This is the only time open.spotify.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 85.13.139.171 34788 (NMM-AS D)
1 2600:1901:1:c... 15169 (GOOGLE)
9 2a04:4e42:62:... 54113 (FASTLY)
1 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
19 6
1    85.13.139.171 (Loebau, Germany)

ASN34788 (NMM-AS D - 02742 Friedersdorf Hauptstrasse 68, DE)
PTR: dd19328.kasserver.com
www.incontrol.theweightrock.com
1    2600:1901:1:c36:: (United States)

ASN15169 (GOOGLE, US)
open.spotify.com
9    2a04:4e42:62::760 (United States)

ASN54113 (FASTLY, US)
open.scdn.co
1    2a00:1450:400d:804::200e (Ireland)

ASN15169 (GOOGLE, US)
www.googleoptimize.com
4    2a00:1450:4001:808::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
3    2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
Domain Requested by
9 open.scdn.co open.spotify.com
4 www.google.com open.spotify.com
www.gstatic.com
www.google.com
3 www.gstatic.com www.google.com
1 www.googleoptimize.com open.spotify.com
1 open.spotify.com
1 www.incontrol.theweightrock.com 1 redirects
19 6

This site contains no links.

Subject Issuer Validity Valid
*.spotify.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-05-03 -
2022-05-03		 a year crt.sh
*.scdn.co
DigiCert SHA2 Secure Server CA		 2020-08-05 -
2021-09-01		 a year crt.sh
*.google-analytics.com
GTS CA 1O1		 2021-04-13 -
2021-07-06		 3 months crt.sh
*.google.com
GTS CA 1C3		 2021-04-13 -
2021-07-06		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2021-04-13 -
2021-07-06		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://open.spotify.com/album/5zdyJ1tIuyuSW8o67GnglS
Frame ID: 7B3CBB9CDCC82E267306003FFE8B3143
Requests: 14 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfCVLAUAAAAALFwwRnnCJ12DalriUGbj8FW_J39&co=aHR0cHM6Ly9vcGVuLnNwb3RpZnkuY29tOjQ0Mw..&hl=en&v=9qx0v7NiOAe_XnW_ULNZm9e3&size=invisible&cb=ik1tp1593xii
Frame ID: F0BD43C872E77D29BF7621DDE9404EEF
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://www.incontrol.theweightrock.com/ HTTP 307
    https://open.spotify.com/album/5zdyJ1tIuyuSW8o67GnglS Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^envoy$/i

Page Statistics

19
Requests

95 %
HTTPS

83 %
IPv6

6
Domains

6
Subdomains

6
IPs

3
Countries

1885 kB
Transfer

6306 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.incontrol.theweightrock.com/ HTTP 307
    https://open.spotify.com/album/5zdyJ1tIuyuSW8o67GnglS Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request 5zdyJ1tIuyuSW8o67GnglS
open.spotify.com/album/
Redirect Chain
  • https://www.incontrol.theweightrock.com/
  • https://open.spotify.com/album/5zdyJ1tIuyuSW8o67GnglS
77 KB
16 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://open.spotify.com/album/5zdyJ1tIuyuSW8o67GnglS
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
envoy /
Resource Hash
add671586ee6124e56b629a04bd3397797008a466236f587bd6936ff262d2b82
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-eval' blob: open.scdn.co open-review.scdn.co quicksilver.scdn.co www.google-analytics.com www.googletagmanager.com static.ads-twitter.com analytics.twitter.com s.pinimg.com sc-static.net https://www.google.com/recaptcha/ cdn.ravenjs.com connect.facebook.net www.gstatic.com sb.scorecardresearch.com pixel-static.spotify.com https://s3.amazonaws.com/ki.js/51746/b0R.js turbo.qualaroo.com optimize.google.com cdn.cookielaw.org geolocation.onetrust.com www.googleoptimize.com www.fastly-insights.com static.hotjar.com script.hotjar.com https://www.googleadservices.com/pagead/conversion_async.js https://www.googleadservices.com/pagead/conversion/938675917/ 'sha256-WfsTi7oVogdF9vq5d14s2birjvCglqWF842fyHhzoNw=' 'sha256-KRzjHxCdT8icNaDOqPBdY0AlKiIh5F8r4bnbe1PQwss='; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

:method
GET
:authority
open.spotify.com
:scheme
https
:path
/album/5zdyJ1tIuyuSW8o67GnglS
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

server
envoy
date
Tue, 04 May 2021 23:21:12 GMT
content-type
text/html; charset=utf-8
vary
Accept-Encoding
spotify-request-id
d232568e-0c16-4249-972f-8596062d9f34
set-cookie
sp_t=a0b2b07558515460e777026cb199a5ea; path=/; expires=Wed, 04 May 2022 23:21:12 GMT; domain=.spotify.com; samesite=none; secure sp_landing=https%3A%2F%2Fopen.spotify.com%2Falbum%2F5zdyJ1tIuyuSW8o67GnglS; path=/; expires=Wed, 05 May 2021 23:21:12 GMT; domain=.spotify.com; samesite=none; secure; httponly
content-security-policy
script-src 'self' 'unsafe-eval' blob: open.scdn.co open-review.scdn.co quicksilver.scdn.co www.google-analytics.com www.googletagmanager.com static.ads-twitter.com analytics.twitter.com s.pinimg.com sc-static.net https://www.google.com/recaptcha/ cdn.ravenjs.com connect.facebook.net www.gstatic.com sb.scorecardresearch.com pixel-static.spotify.com https://s3.amazonaws.com/ki.js/51746/b0R.js turbo.qualaroo.com optimize.google.com cdn.cookielaw.org geolocation.onetrust.com www.googleoptimize.com www.fastly-insights.com static.hotjar.com script.hotjar.com https://www.googleadservices.com/pagead/conversion_async.js https://www.googleadservices.com/pagead/conversion/938675917/ 'sha256-WfsTi7oVogdF9vq5d14s2birjvCglqWF842fyHhzoNw=' 'sha256-KRzjHxCdT8icNaDOqPBdY0AlKiIh5F8r4bnbe1PQwss='; frame-ancestors 'self';
x-spotify-open-index
true
content-encoding
br
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
via
HTTP/2 edgeproxy, 1.1 google
alt-svc
clear

Redirect headers

date
Tue, 04 May 2021 23:21:12 GMT
server
Apache
location
https://open.spotify.com/album/5zdyJ1tIuyuSW8o67GnglS
content-length
263
content-type
text/html; charset=iso-8859-1
CircularSpUIv3T-Book.3466e0ec.woff2
open.scdn.co/cdn/fonts/ 		67 KB
68 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://open.scdn.co/cdn/fonts/CircularSpUIv3T-Book.3466e0ec.woff2
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/album/5zdyJ1tIuyuSW8o67GnglS
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
1e9022d2e68559c3306657470dc8b02a28508564a67a45d70012205aca3eba47

Request headers

Origin
https://open.spotify.com
Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Tue, 04 May 2021 23:21:12 GMT
Last-Modified
Thu, 17 Dec 2020 03:54:22 GMT
Age
11983320
ETag
"6ff898ba447ac00bc6e457d25bcb0be8"
X-Served-By
cache-ord1742-ORD, cache-hhn11570-HHN
X-Cache
HIT, HIT
Content-Type
application/octet-stream
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
68852
X-Cache-Hits
1, 397817
CircularSpUIv3T-Bold.8d0a45cc.woff2
open.scdn.co/cdn/fonts/ 		71 KB
72 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://open.scdn.co/cdn/fonts/CircularSpUIv3T-Bold.8d0a45cc.woff2
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/album/5zdyJ1tIuyuSW8o67GnglS
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
897cda707d438f8d6b6b92cfcb2c1fd2035ff59f5f0c5b9943d2f04d411f7fda

Request headers

Origin
https://open.spotify.com
Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Tue, 04 May 2021 23:21:12 GMT
Last-Modified
Mon, 15 Mar 2021 18:32:45 GMT
Age
4333955
ETag
"c147cc237b8b07e0a8875dfbbe857b29"
X-Served-By
cache-ord1722-ORD, cache-hhn11523-HHN
X-Cache
HIT, HIT
Content-Type
application/octet-stream
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
72840
X-Cache-Hits
1, 430294
CircularSpUIv3T-Light.afd9ab26.woff2
open.scdn.co/cdn/fonts/ 		64 KB
64 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://open.scdn.co/cdn/fonts/CircularSpUIv3T-Light.afd9ab26.woff2
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/album/5zdyJ1tIuyuSW8o67GnglS
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
db22b70f8948a77fbd54101dd8f3abcc4edc218effb29dabbbcc0e32c97aa1f9

Request headers

Origin
https://open.spotify.com
Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Tue, 04 May 2021 23:21:12 GMT
Last-Modified
Mon, 29 Mar 2021 15:41:42 GMT
Age
3122200
ETag
"fa8473268d2eac34c88a9a6ccf214f43"
X-Served-By
cache-ord1746-ORD, cache-hhn11521-HHN
X-Cache
HIT, HIT
Content-Type
application/octet-stream
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
65408
X-Cache-Hits
1, 87596
spoticon_regular_2.d319d911.woff2
open.scdn.co/cdn/fonts/ 		56 KB
56 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://open.scdn.co/cdn/fonts/spoticon_regular_2.d319d911.woff2
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/album/5zdyJ1tIuyuSW8o67GnglS
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
d728648c3e1d90bf50f0e988787ce26ea1111fa697b0a9daeb95d6724842a9c1

Request headers

Origin
https://open.spotify.com
Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Tue, 04 May 2021 23:21:12 GMT
Last-Modified
Thu, 25 Feb 2021 09:21:47 GMT
Age
5921291
ETag
"3b7bbfac9ed3e75d426728e900579aa9"
X-Served-By
cache-ord1735-ORD, cache-hhn11569-HHN
X-Cache
HIT, HIT
Content-Type
application/octet-stream
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
56996
X-Cache-Hits
1, 74202
web-player.242c0a07.css
open.scdn.co/cdn/build/web-player/ 		254 KB
47 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://open.scdn.co/cdn/build/web-player/web-player.242c0a07.css
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/album/5zdyJ1tIuyuSW8o67GnglS
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
c5ecd27e9634efb181a121d5b82419c3bd4ec9e70f6503e7ab8ebc3ac7f8ab28

Request headers

Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Tue, 04 May 2021 23:21:12 GMT
Content-Encoding
gzip
Last-Modified
Tue, 04 May 2021 12:23:53 GMT
Age
39209
ETag
"4bf7550bf5bd6ea6be1e6a3e547ac059"
X-Served-By
cache-ord1734-ORD, cache-hhn11524-HHN
X-Cache
HIT, HIT
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
48141
X-Cache-Hits
1, 6573
vendor~web-player.842ae714.css
open.scdn.co/cdn/build/web-player/ 		22 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://open.scdn.co/cdn/build/web-player/vendor~web-player.842ae714.css
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/album/5zdyJ1tIuyuSW8o67GnglS
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
1f018c594256abe2748ab090de002a49538af9a53bc1f36268181f923940378e

Request headers

Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Tue, 04 May 2021 23:21:12 GMT
Content-Encoding
gzip
Last-Modified
Mon, 12 Apr 2021 14:18:00 GMT
Age
1933159
ETag
"3d809aa3e9deb22b3f5ffe54d990c60b"
X-Served-By
cache-ord1742-ORD, cache-hhn11550-HHN
X-Cache
HIT, HIT
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
3385
X-Cache-Hits
1, 133362
optimize.js
www.googleoptimize.com/ 		92 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleoptimize.com/optimize.js?id=GTM-W53X654
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/album/5zdyJ1tIuyuSW8o67GnglS
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:804::200e , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
c0931b005beb731bb77071ca5d57064c143ed4359dcdd1891130896a519c8f9d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 23:21:12 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36329
x-xss-protection
0
expires
Tue, 04 May 2021 23:21:12 GMT
gtm.ad58f302.js
open.scdn.co/cdn/js/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://open.scdn.co/cdn/js/gtm.ad58f302.js
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/album/5zdyJ1tIuyuSW8o67GnglS
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
d9874563a7e3a33d16f940554ff1940e967baf3a462ae20be2cfc828d7b1056b

Request headers

Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Tue, 04 May 2021 23:21:12 GMT
Content-Encoding
gzip
Last-Modified
Tue, 06 Apr 2021 13:07:26 GMT
Age
2452748
ETag
"8a3fbc71292706830a9a77d1c70900a3"
X-Served-By
cache-ord1746-ORD, cache-hhn11524-HHN
X-Cache
HIT, HIT
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
1262
X-Cache-Hits
1, 350097
api.js
www.google.com/recaptcha/ 		884 B
608 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api.js?render=6LfCVLAUAAAAALFwwRnnCJ12DalriUGbj8FW_J39
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/album/5zdyJ1tIuyuSW8o67GnglS
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
fb21ec526c3cb3e09ee5745b522b8961667152e5ae331818091cddde8feeff44
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 23:21:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
content-security-policy
frame-ancestors 'self'
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
587
x-xss-protection
1; mode=block
expires
Tue, 04 May 2021 23:21:12 GMT
web-player.5022ea02.js
open.scdn.co/cdn/build/web-player/ 		1 MB
369 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://open.scdn.co/cdn/build/web-player/web-player.5022ea02.js
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/album/5zdyJ1tIuyuSW8o67GnglS
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
12e15e7ecbf074d7eabb65006c234bb44c50ec4665970e50bba1a8e847cc6dba

Request headers

Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Tue, 04 May 2021 23:21:12 GMT
Content-Encoding
gzip
Last-Modified
Tue, 04 May 2021 21:56:52 GMT
Age
4825
ETag
"9ad948c96b87928155b1a3f7950fecbd"
X-Served-By
cache-ord1740-ORD, cache-hhn11534-HHN
X-Cache
HIT, HIT
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
377883
X-Cache-Hits
2, 627
vendor~web-player.285a6f8b.js
open.scdn.co/cdn/build/web-player/ 		3 MB
848 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://open.scdn.co/cdn/build/web-player/vendor~web-player.285a6f8b.js
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/album/5zdyJ1tIuyuSW8o67GnglS
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
976890157b7eb0d22e7179d07b556acb9aafa7f527846956989cc0336cc4e827

Request headers

Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Tue, 04 May 2021 23:21:12 GMT
Content-Encoding
gzip
Last-Modified
Tue, 04 May 2021 12:23:53 GMT
Age
39209
ETag
"6777f09bcf601f83932025bdd866f1d1"
X-Served-By
cache-ord1733-ORD, cache-hhn11540-HHN
X-Cache
HIT, HIT
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
867598
X-Cache-Hits
1, 6837
recaptcha__en.js
www.gstatic.com/recaptcha/releases/9qx0v7NiOAe_XnW_ULNZm9e3/ 		335 KB
131 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/9qx0v7NiOAe_XnW_ULNZm9e3/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=6LfCVLAUAAAAALFwwRnnCJ12DalriUGbj8FW_J39
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9b9a7ec563b4bbcbe8812d7ea1f6464bb17769fb31df55c123e413a3a7e41705
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://open.spotify.com
Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 18:36:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
17101
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
134200
x-xss-protection
0
last-modified
Mon, 26 Apr 2021 04:03:12 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 04 May 2022 18:36:11 GMT
anchor
www.google.com/recaptcha/api2/ Frame F0BD 		19 KB
10 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfCVLAUAAAAALFwwRnnCJ12DalriUGbj8FW_J39&co=aHR0cHM6Ly9vcGVuLnNwb3RpZnkuY29tOjQ0Mw..&hl=en&v=9qx0v7NiOAe_XnW_ULNZm9e3&size=invisible&cb=ik1tp1593xii
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/9qx0v7NiOAe_XnW_ULNZm9e3/recaptcha__en.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
9b9288fae7f3eeecec8c8d96f226b3c62adb7278c96cd0c45a6e76309c15d068
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-tpZA97IbE7SPzIGk2DVzmw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/recaptcha/api2/anchor?ar=1&k=6LfCVLAUAAAAALFwwRnnCJ12DalriUGbj8FW_J39&co=aHR0cHM6Ly9vcGVuLnNwb3RpZnkuY29tOjQ0Mw..&hl=en&v=9qx0v7NiOAe_XnW_ULNZm9e3&size=invisible&cb=ik1tp1593xii
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://open.spotify.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://open.spotify.com/

Response headers

content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Tue, 04 May 2021 23:21:13 GMT
content-security-policy
script-src 'report-sample' 'nonce-tpZA97IbE7SPzIGk2DVzmw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
10016
server
GSE
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
09f59863-8f6d-401b-a355-c00fa77c6d3c
https://open.spotify.com/ 		47 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://open.spotify.com/09f59863-8f6d-401b-a355-c00fa77c6d3c
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/album/5zdyJ1tIuyuSW8o67GnglS
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a747eab42b370dc668c766f9ecc4b2700385d9696248970441e8ff10d522871b

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
48192
styles__ltr.css
www.gstatic.com/recaptcha/releases/9qx0v7NiOAe_XnW_ULNZm9e3/ Frame F0BD 		51 KB
25 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/9qx0v7NiOAe_XnW_ULNZm9e3/styles__ltr.css
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfCVLAUAAAAALFwwRnnCJ12DalriUGbj8FW_J39&co=aHR0cHM6Ly9vcGVuLnNwb3RpZnkuY29tOjQ0Mw..&hl=en&v=9qx0v7NiOAe_XnW_ULNZm9e3&size=invisible&cb=ik1tp1593xii
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
94b328f86382cda7d83cebb40ee8dd8f567582a60ba91a90a37f490b0f0edefa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 20:55:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 26 Apr 2021 04:03:12 GMT
server
sffe
age
8749
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
25722
x-xss-protection
0
expires
Wed, 04 May 2022 20:55:24 GMT
recaptcha__en.js
www.gstatic.com/recaptcha/releases/9qx0v7NiOAe_XnW_ULNZm9e3/ Frame F0BD 		335 KB
131 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/9qx0v7NiOAe_XnW_ULNZm9e3/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfCVLAUAAAAALFwwRnnCJ12DalriUGbj8FW_J39&co=aHR0cHM6Ly9vcGVuLnNwb3RpZnkuY29tOjQ0Mw..&hl=en&v=9qx0v7NiOAe_XnW_ULNZm9e3&size=invisible&cb=ik1tp1593xii
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9b9a7ec563b4bbcbe8812d7ea1f6464bb17769fb31df55c123e413a3a7e41705
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 18:36:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
17102
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
134200
x-xss-protection
0
last-modified
Mon, 26 Apr 2021 04:03:12 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 04 May 2022 18:36:11 GMT
W2xNIJZa3rU__xOhJSE22-BlHC3zQORVvVWr7ErpxMA.js
www.google.com/js/bg/ Frame F0BD 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/js/bg/W2xNIJZa3rU__xOhJSE22-BlHC3zQORVvVWr7ErpxMA.js
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/9qx0v7NiOAe_XnW_ULNZm9e3/recaptcha__en.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5b6c4d20965adeb53fff13a1252136dbe0651c2df340e455bd55abec4ae9c4c0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfCVLAUAAAAALFwwRnnCJ12DalriUGbj8FW_J39&co=aHR0cHM6Ly9vcGVuLnNwb3RpZnkuY29tOjQ0Mw..&hl=en&v=9qx0v7NiOAe_XnW_ULNZm9e3&size=invisible&cb=ik1tp1593xii
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 18:14:24 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Thu, 22 Apr 2021 16:00:00 GMT
server
sffe
age
18409
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5734
x-xss-protection
0
expires
Wed, 04 May 2022 18:14:24 GMT
webworker.js
www.google.com/recaptcha/api2/ Frame F0BD 		102 B
133 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=9qx0v7NiOAe_XnW_ULNZm9e3
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfCVLAUAAAAALFwwRnnCJ12DalriUGbj8FW_J39&co=aHR0cHM6Ly9vcGVuLnNwb3RpZnkuY29tOjQ0Mw..&hl=en&v=9qx0v7NiOAe_XnW_ULNZm9e3&size=invisible&cb=ik1tp1593xii
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
3c794ed9998df8cdf623077dcf9df6523be8080fb2bfd82a61d5ab391ee58c02
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfCVLAUAAAAALFwwRnnCJ12DalriUGbj8FW_J39&co=aHR0cHM6Ly9vcGVuLnNwb3RpZnkuY29tOjQ0Mw..&hl=en&v=9qx0v7NiOAe_XnW_ULNZm9e3&size=invisible&cb=ik1tp1593xii
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 23:21:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
content-security-policy
frame-ancestors 'self'
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
112
x-xss-protection
1; mode=block
expires
Tue, 04 May 2021 23:21:13 GMT

Verdicts & Comments Add Verdict or Comment

33 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| webpackChunkopen object| recaptcha function| setImmediate function| clearImmediate object| __SENTRY__ function| Mousetrap object| platform function| OverlayScrollbars object| google_tag_manager object| dataLayer object| google_optimize function| ownKeys function| _objectSpread function| _defineProperty function| gtag object| closure_lm_785974

3 Cookies

Domain/Path Name / Value
.spotify.com/ Name: sp_landing
Value: https%3A%2F%2Fopen.spotify.com%2Falbum%2F5zdyJ1tIuyuSW8o67GnglS
.spotify.com/ Name: sp_t
Value: a0b2b07558515460e777026cb199a5ea
open.spotify.com/album Name: loglevel
Value: WARN

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy script-src 'self' 'unsafe-eval' blob: open.scdn.co open-review.scdn.co quicksilver.scdn.co www.google-analytics.com www.googletagmanager.com static.ads-twitter.com analytics.twitter.com s.pinimg.com sc-static.net https://www.google.com/recaptcha/ cdn.ravenjs.com connect.facebook.net www.gstatic.com sb.scorecardresearch.com pixel-static.spotify.com https://s3.amazonaws.com/ki.js/51746/b0R.js turbo.qualaroo.com optimize.google.com cdn.cookielaw.org geolocation.onetrust.com www.googleoptimize.com www.fastly-insights.com static.hotjar.com script.hotjar.com https://www.googleadservices.com/pagead/conversion_async.js https://www.googleadservices.com/pagead/conversion/938675917/ 'sha256-WfsTi7oVogdF9vq5d14s2birjvCglqWF842fyHhzoNw=' 'sha256-KRzjHxCdT8icNaDOqPBdY0AlKiIh5F8r4bnbe1PQwss='; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

open.scdn.co
open.spotify.com
www.google.com
www.googleoptimize.com
www.gstatic.com
www.incontrol.theweightrock.com
2600:1901:1:c36::
2a00:1450:4001:808::2004
2a00:1450:4001:830::2003
2a00:1450:400d:804::200e
2a04:4e42:62::760
85.13.139.171
12e15e7ecbf074d7eabb65006c234bb44c50ec4665970e50bba1a8e847cc6dba
1e9022d2e68559c3306657470dc8b02a28508564a67a45d70012205aca3eba47
1f018c594256abe2748ab090de002a49538af9a53bc1f36268181f923940378e
3c794ed9998df8cdf623077dcf9df6523be8080fb2bfd82a61d5ab391ee58c02
5b6c4d20965adeb53fff13a1252136dbe0651c2df340e455bd55abec4ae9c4c0
897cda707d438f8d6b6b92cfcb2c1fd2035ff59f5f0c5b9943d2f04d411f7fda
94b328f86382cda7d83cebb40ee8dd8f567582a60ba91a90a37f490b0f0edefa
976890157b7eb0d22e7179d07b556acb9aafa7f527846956989cc0336cc4e827
9b9288fae7f3eeecec8c8d96f226b3c62adb7278c96cd0c45a6e76309c15d068
9b9a7ec563b4bbcbe8812d7ea1f6464bb17769fb31df55c123e413a3a7e41705
a747eab42b370dc668c766f9ecc4b2700385d9696248970441e8ff10d522871b
add671586ee6124e56b629a04bd3397797008a466236f587bd6936ff262d2b82
c0931b005beb731bb77071ca5d57064c143ed4359dcdd1891130896a519c8f9d
c5ecd27e9634efb181a121d5b82419c3bd4ec9e70f6503e7ab8ebc3ac7f8ab28
d728648c3e1d90bf50f0e988787ce26ea1111fa697b0a9daeb95d6724842a9c1
d9874563a7e3a33d16f940554ff1940e967baf3a462ae20be2cfc828d7b1056b
db22b70f8948a77fbd54101dd8f3abcc4edc218effb29dabbbcc0e32c97aa1f9
fb21ec526c3cb3e09ee5745b522b8961667152e5ae331818091cddde8feeff44