urlscan.io logo urlscan.io
SecurityTrails logo

open.spotify.com Open in urlscan Pro
2600:1901:1:c36::  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://spotify.xs1.sg/
Effective URL: https://open.spotify.com/user/thexscollective
Submission Tags: @phishunt_io
Submission: On June 17 via api from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 7 IPs in 3 countries across 6 domains to perform 18 HTTP transactions. The main IP is 2600:1901:1:c36::, located in United States and belongs to GOOGLE, US. The main domain is open.spotify.com.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on May 3rd 2021. Valid for: a year.
This is the only time open.spotify.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 103.255.250.152 133210 (ENTECHNOL...)
1 2 2600:1901:1:c... 15169 (GOOGLE)
9 2a04:4e42:62:... 54113 (FASTLY)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
18 7
1    103.255.250.152 (Singapore, Singapore)

ASN133210 (ENTECHNOLOGIES-AS-AP EN Technologies Pte Ltd, SG)
PTR: ip103-255-250-152.sg.en.net.sg
spotify.xs1.sg
2    2600:1901:1:c36:: (United States)

ASN15169 (GOOGLE, US)
play.spotify.com
open.spotify.com
9    2a04:4e42:62::760 (United States)

ASN54113 (FASTLY, US)
open.scdn.co
1    2a00:1450:4001:829::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googleoptimize.com
1    2a00:1450:4001:809::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
3    2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
2    2a00:1450:4001:80f::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
Domain Requested by
9 open.scdn.co open.spotify.com
3 www.gstatic.com www.google.com
3 www.google.com open.spotify.com
www.gstatic.com
1 www.googleoptimize.com open.spotify.com
1 open.spotify.com
1 play.spotify.com 1 redirects
1 spotify.xs1.sg 1 redirects
18 7

This site contains no links.

Subject Issuer Validity Valid
*.spotify.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-05-03 -
2022-05-03		 a year crt.sh
*.scdn.co
DigiCert SHA2 Secure Server CA		 2020-08-05 -
2021-09-01		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2021-05-17 -
2021-08-09		 3 months crt.sh
www.google.com
GTS CA 1C3		 2021-05-17 -
2021-08-09		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2021-05-17 -
2021-08-09		 3 months crt.sh
*.google.com
GTS CA 1C3		 2021-05-17 -
2021-08-09		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://open.spotify.com/user/thexscollective
Frame ID: 688E16450D05F7801E6E0EA5816C3892
Requests: 14 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfCVLAUAAAAALFwwRnnCJ12DalriUGbj8FW_J39&co=aHR0cHM6Ly9vcGVuLnNwb3RpZnkuY29tOjQ0Mw..&hl=en&v=6OAif-f8nYV0qSFmq-D6Qssr&size=invisible&cb=upq05foxaw00
Frame ID: 4F000F7C101229613D1B8C630949D2C1
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://spotify.xs1.sg/ HTTP 301
    https://play.spotify.com/user/thexscollective HTTP 301
    https://open.spotify.com/user/thexscollective Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^envoy$/i
Overall confidence: 100%
Detected patterns
  • script /\/recaptcha\/api\.js/i

Page Statistics

18
Requests

94 %
HTTPS

86 %
IPv6

6
Domains

7
Subdomains

7
IPs

3
Countries

1971 kB
Transfer

6799 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://spotify.xs1.sg/ HTTP 301
    https://play.spotify.com/user/thexscollective HTTP 301
    https://open.spotify.com/user/thexscollective Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request thexscollective
open.spotify.com/user/
Redirect Chain
  • https://spotify.xs1.sg/
  • https://play.spotify.com/user/thexscollective
  • https://open.spotify.com/user/thexscollective
59 KB
15 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://open.spotify.com/user/thexscollective
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
envoy /
Resource Hash
b9ebbd2fe4939de87bf5ca695c97737ca0f05ab8b727cc753ed6b4fa76429273
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-eval' blob: open.scdn.co open-review.scdn.co quicksilver.scdn.co www.google-analytics.com www.googletagmanager.com static.ads-twitter.com analytics.twitter.com s.pinimg.com sc-static.net https://www.google.com/recaptcha/ cdn.ravenjs.com connect.facebook.net www.gstatic.com sb.scorecardresearch.com pixel-static.spotify.com https://s3.amazonaws.com/ki.js/51746/b0R.js turbo.qualaroo.com optimize.google.com cdn.cookielaw.org geolocation.onetrust.com www.googleoptimize.com www.fastly-insights.com static.hotjar.com script.hotjar.com https://www.googleadservices.com/pagead/conversion_async.js https://www.googleadservices.com/pagead/conversion/938675917/ https://analytics.tiktok.com/i18n/pixel/sdk.js https://www.redditstatic.com/ads/pixel.js 'sha256-WfsTi7oVogdF9vq5d14s2birjvCglqWF842fyHhzoNw=' 'sha256-KRzjHxCdT8icNaDOqPBdY0AlKiIh5F8r4bnbe1PQwss='; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

:method
GET
:authority
open.spotify.com
:scheme
https
:path
/user/thexscollective
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

server
envoy
date
Thu, 17 Jun 2021 02:42:14 GMT
content-type
text/html; charset=utf-8
vary
Accept-Encoding
spotify-request-id
55e6b3d3-1d6f-481e-a89b-610a04b12e95
set-cookie
sp_t=852a4116222e8ff1667d83e683484505; path=/; expires=Fri, 17 Jun 2022 02:42:14 GMT; domain=.spotify.com; samesite=none sp_landing=http%3A%2F%2Fopen.spotify.com%2Fuser%2Fthexscollective; path=/; expires=Fri, 18 Jun 2021 02:42:14 GMT; domain=.spotify.com; samesite=none; httponly
content-security-policy
script-src 'self' 'unsafe-eval' blob: open.scdn.co open-review.scdn.co quicksilver.scdn.co www.google-analytics.com www.googletagmanager.com static.ads-twitter.com analytics.twitter.com s.pinimg.com sc-static.net https://www.google.com/recaptcha/ cdn.ravenjs.com connect.facebook.net www.gstatic.com sb.scorecardresearch.com pixel-static.spotify.com https://s3.amazonaws.com/ki.js/51746/b0R.js turbo.qualaroo.com optimize.google.com cdn.cookielaw.org geolocation.onetrust.com www.googleoptimize.com www.fastly-insights.com static.hotjar.com script.hotjar.com https://www.googleadservices.com/pagead/conversion_async.js https://www.googleadservices.com/pagead/conversion/938675917/ https://analytics.tiktok.com/i18n/pixel/sdk.js https://www.redditstatic.com/ads/pixel.js 'sha256-WfsTi7oVogdF9vq5d14s2birjvCglqWF842fyHhzoNw=' 'sha256-KRzjHxCdT8icNaDOqPBdY0AlKiIh5F8r4bnbe1PQwss='; frame-ancestors 'self';
x-spotify-open-index
true
content-encoding
br
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
via
HTTP/2 edgeproxy, 1.1 google
alt-svc
clear

Redirect headers

location
https://open.spotify.com/user/thexscollective
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
vary
Accept-Encoding
date
Thu, 17 Jun 2021 02:42:14 GMT
server
envoy
content-length
0
via
HTTP/2 edgeproxy, 1.1 google
alt-svc
clear
CircularSpUIv3T-Book.3466e0ec.woff2
open.scdn.co/cdn/fonts/ 		67 KB
68 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://open.scdn.co/cdn/fonts/CircularSpUIv3T-Book.3466e0ec.woff2
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/user/thexscollective
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
1e9022d2e68559c3306657470dc8b02a28508564a67a45d70012205aca3eba47

Request headers

Origin
https://open.spotify.com
Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 17 Jun 2021 02:42:14 GMT
Last-Modified
Tue, 08 Jun 2021 09:36:33 GMT
Age
751695
ETag
"6ff898ba447ac00bc6e457d25bcb0be8"
X-Served-By
cache-hhn11564-HHN
X-Cache
HIT
Content-Type
application/octet-stream
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
68852
X-Cache-Hits
125313
CircularSpUIv3T-Bold.8d0a45cc.woff2
open.scdn.co/cdn/fonts/ 		71 KB
72 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://open.scdn.co/cdn/fonts/CircularSpUIv3T-Bold.8d0a45cc.woff2
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/user/thexscollective
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
897cda707d438f8d6b6b92cfcb2c1fd2035ff59f5f0c5b9943d2f04d411f7fda

Request headers

Origin
https://open.spotify.com
Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 17 Jun 2021 02:42:14 GMT
Last-Modified
Fri, 14 May 2021 09:29:49 GMT
Age
2911294
ETag
"c147cc237b8b07e0a8875dfbbe857b29"
X-Served-By
cache-ord1731-ORD, cache-hhn11580-HHN
X-Cache
HIT, HIT
Content-Type
application/octet-stream
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
72840
X-Cache-Hits
1, 201647
CircularSpUIv3T-Light.afd9ab26.woff2
open.scdn.co/cdn/fonts/ 		64 KB
64 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://open.scdn.co/cdn/fonts/CircularSpUIv3T-Light.afd9ab26.woff2
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/user/thexscollective
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
db22b70f8948a77fbd54101dd8f3abcc4edc218effb29dabbbcc0e32c97aa1f9

Request headers

Origin
https://open.spotify.com
Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 17 Jun 2021 02:42:14 GMT
Last-Modified
Tue, 08 Jun 2021 09:36:33 GMT
Age
748328
ETag
"fa8473268d2eac34c88a9a6ccf214f43"
X-Served-By
cache-ord1744-ORD, cache-hhn11526-HHN
X-Cache
HIT, HIT
Content-Type
application/octet-stream
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
65408
X-Cache-Hits
1, 120328
spoticon_regular_2.d319d911.woff2
open.scdn.co/cdn/fonts/ 		56 KB
56 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://open.scdn.co/cdn/fonts/spoticon_regular_2.d319d911.woff2
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/user/thexscollective
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
d728648c3e1d90bf50f0e988787ce26ea1111fa697b0a9daeb95d6724842a9c1

Request headers

Origin
https://open.spotify.com
Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 17 Jun 2021 02:42:14 GMT
Last-Modified
Thu, 27 May 2021 15:10:51 GMT
Age
1765832
ETag
"3b7bbfac9ed3e75d426728e900579aa9"
X-Served-By
cache-ord1721-ORD, cache-hhn11574-HHN
X-Cache
HIT, HIT
Content-Type
application/octet-stream
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
56996
X-Cache-Hits
1, 82430
web-player.98ccaa24.css
open.scdn.co/cdn/build/web-player/ 		261 KB
49 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://open.scdn.co/cdn/build/web-player/web-player.98ccaa24.css
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/user/thexscollective
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
829632518c594c2b6001d72ed6afd0d9bb9ebf1bd0e7027816e768af2527dd70

Request headers

Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 17 Jun 2021 02:42:14 GMT
Content-Encoding
gzip
Last-Modified
Tue, 15 Jun 2021 14:20:47 GMT
Age
130647
ETag
"fce6501f7437d34b2201e321ef6016b1"
X-Served-By
cache-ord1725-ORD, cache-hhn11543-HHN
X-Cache
HIT, HIT
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
50009
X-Cache-Hits
1, 14549
vendor~web-player.25604751.css
open.scdn.co/cdn/build/web-player/ 		30 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://open.scdn.co/cdn/build/web-player/vendor~web-player.25604751.css
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/user/thexscollective
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
19da2435e15da34d8aedb9146d81cd6889019d5710a9d3b7a3cd46f02084c58a

Request headers

Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 17 Jun 2021 02:42:14 GMT
Content-Encoding
gzip
Last-Modified
Tue, 08 Jun 2021 16:19:11 GMT
Age
614477
ETag
"bef316a31ce36d9ef514cfd61e036aca"
X-Served-By
cache-ord1721-ORD, cache-hhn11525-HHN
X-Cache
HIT, HIT
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
4327
X-Cache-Hits
1, 41093
optimize.js
www.googleoptimize.com/ 		101 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleoptimize.com/optimize.js?id=GTM-W53X654
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/user/thexscollective
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
2778c6c568375c25d7664682b10ad931d5852906974012580c1c59c0a075b06b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 17 Jun 2021 02:42:14 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38260
x-xss-protection
0
expires
Thu, 17 Jun 2021 02:42:14 GMT
gtm.6d498f08.js
open.scdn.co/cdn/js/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://open.scdn.co/cdn/js/gtm.6d498f08.js
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/user/thexscollective
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
99c2c81a5a0306fb4dd75f214c9d76581557b8ee6e4f0ce1b26d9203c1abe72e

Request headers

Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 17 Jun 2021 02:42:14 GMT
Content-Encoding
gzip
Last-Modified
Tue, 08 Jun 2021 09:36:34 GMT
Age
613703
ETag
"a309745f6cb8bf626cfff7e4c0fa6898"
X-Served-By
cache-ord1730-ORD, cache-hhn11543-HHN
X-Cache
HIT, HIT
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
1181
X-Cache-Hits
1, 83612
api.js
www.google.com/recaptcha/ 		884 B
729 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api.js?render=6LfCVLAUAAAAALFwwRnnCJ12DalriUGbj8FW_J39
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/user/thexscollective
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
badb8d99ac4af4cd2c435f9a0d4b22afc0fb9cf81a691c8dec0eaa487e7a66df
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 17 Jun 2021 02:42:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
content-security-policy
frame-ancestors 'self'
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
586
x-xss-protection
1; mode=block
expires
Thu, 17 Jun 2021 02:42:14 GMT
web-player.c066dcc7.js
open.scdn.co/cdn/build/web-player/ 		1 MB
384 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://open.scdn.co/cdn/build/web-player/web-player.c066dcc7.js
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/user/thexscollective
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ba11fc3aff523be69aca715c5e8d14d1030c173280bd5f78939e1b0b2ed10b67

Request headers

Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 17 Jun 2021 02:42:14 GMT
Content-Encoding
gzip
Last-Modified
Wed, 16 Jun 2021 17:33:24 GMT
Age
32758
ETag
"9749841bed96ebab0a2191e610371be1"
X-Served-By
cache-ord1736-ORD, cache-hhn11527-HHN
X-Cache
HIT, HIT
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
393165
X-Cache-Hits
1, 3574
vendor~web-player.bd68288a.js
open.scdn.co/cdn/build/web-player/ 		4 MB
905 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://open.scdn.co/cdn/build/web-player/vendor~web-player.bd68288a.js
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/user/thexscollective
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ade5ef169774840823908919bfd4ff466bd50f8b96c0521de448edc477be9320

Request headers

Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 17 Jun 2021 02:42:14 GMT
Content-Encoding
gzip
Last-Modified
Thu, 10 Jun 2021 09:12:41 GMT
Age
581132
ETag
"26ca5cdadee6edcee12b12255ec09422"
X-Served-By
cache-ord1728-ORD, cache-hhn11541-HHN
X-Cache
HIT, HIT
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
926387
X-Cache-Hits
3, 9540
recaptcha__en.js
www.gstatic.com/recaptcha/releases/6OAif-f8nYV0qSFmq-D6Qssr/ 		343 KB
134 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/6OAif-f8nYV0qSFmq-D6Qssr/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=6LfCVLAUAAAAALFwwRnnCJ12DalriUGbj8FW_J39
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
457a24764c4e5efb7b6de9b07cd544165b996f07310f9626d3571a02bd250d51
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://open.spotify.com
Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 16:37:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
36263
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
136998
x-xss-protection
0
last-modified
Mon, 07 Jun 2021 22:05:37 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 16 Jun 2022 16:37:51 GMT
anchor
www.google.com/recaptcha/api2/ Frame 4F00 		38 KB
19 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfCVLAUAAAAALFwwRnnCJ12DalriUGbj8FW_J39&co=aHR0cHM6Ly9vcGVuLnNwb3RpZnkuY29tOjQ0Mw..&hl=en&v=6OAif-f8nYV0qSFmq-D6Qssr&size=invisible&cb=upq05foxaw00
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/6OAif-f8nYV0qSFmq-D6Qssr/recaptcha__en.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
bdb49213d385d8cd3649b93dfa1dc6d8ccc390e842a7ba03bfbb5401e6a08a85
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-Xdlc1BPiy1MLiGg8jLXFMg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/recaptcha/api2/anchor?ar=1&k=6LfCVLAUAAAAALFwwRnnCJ12DalriUGbj8FW_J39&co=aHR0cHM6Ly9vcGVuLnNwb3RpZnkuY29tOjQ0Mw..&hl=en&v=6OAif-f8nYV0qSFmq-D6Qssr&size=invisible&cb=upq05foxaw00
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://open.spotify.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://open.spotify.com/

Response headers

content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Thu, 17 Jun 2021 02:42:15 GMT
content-security-policy
script-src 'report-sample' 'nonce-Xdlc1BPiy1MLiGg8jLXFMg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
19791
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
a1fb068d-3334-4170-bc0c-ba59d3f16f05
https://open.spotify.com/ 		49 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://open.spotify.com/a1fb068d-3334-4170-bc0c-ba59d3f16f05
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/user/thexscollective
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d280ab394c1a1cb01c62abadfdb11f21cae063c63ffd3e4fb1d39802b7b11055

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
49705
styles__ltr.css
www.gstatic.com/recaptcha/releases/6OAif-f8nYV0qSFmq-D6Qssr/ Frame 4F00 		52 KB
25 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/6OAif-f8nYV0qSFmq-D6Qssr/styles__ltr.css
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfCVLAUAAAAALFwwRnnCJ12DalriUGbj8FW_J39&co=aHR0cHM6Ly9vcGVuLnNwb3RpZnkuY29tOjQ0Mw..&hl=en&v=6OAif-f8nYV0qSFmq-D6Qssr&size=invisible&cb=upq05foxaw00
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5fe20047c1cc1be61a786d56c5c02b96453b9c60656d6c8429a1add79017e47f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 18:41:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
28856
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
25732
x-xss-protection
0
last-modified
Mon, 07 Jun 2021 22:05:37 GMT
server
sffe
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 16 Jun 2022 18:41:19 GMT
recaptcha__en.js
www.gstatic.com/recaptcha/releases/6OAif-f8nYV0qSFmq-D6Qssr/ Frame 4F00 		343 KB
134 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/6OAif-f8nYV0qSFmq-D6Qssr/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfCVLAUAAAAALFwwRnnCJ12DalriUGbj8FW_J39&co=aHR0cHM6Ly9vcGVuLnNwb3RpZnkuY29tOjQ0Mw..&hl=en&v=6OAif-f8nYV0qSFmq-D6Qssr&size=invisible&cb=upq05foxaw00
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
457a24764c4e5efb7b6de9b07cd544165b996f07310f9626d3571a02bd250d51
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 16:37:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
36264
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
136998
x-xss-protection
0
last-modified
Mon, 07 Jun 2021 22:05:37 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 16 Jun 2022 16:37:51 GMT
webworker.js
www.google.com/recaptcha/api2/ Frame 4F00 		102 B
132 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=6OAif-f8nYV0qSFmq-D6Qssr
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
e8f05752862160fa1888c91060a324c84870cd4bca2acee125713d11147fde5d
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfCVLAUAAAAALFwwRnnCJ12DalriUGbj8FW_J39&co=aHR0cHM6Ly9vcGVuLnNwb3RpZnkuY29tOjQ0Mw..&hl=en&v=6OAif-f8nYV0qSFmq-D6Qssr&size=invisible&cb=upq05foxaw00
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 17 Jun 2021 02:42:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
content-security-policy
frame-ancestors 'self'
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
112
x-xss-protection
1; mode=block
expires
Thu, 17 Jun 2021 02:42:15 GMT

Verdicts & Comments Add Verdict or Comment

33 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| webpackChunkopen object| recaptcha function| setImmediate function| clearImmediate object| __SENTRY__ function| Mousetrap object| platform function| OverlayScrollbars object| google_tag_manager object| dataLayer object| google_optimize function| ownKeys function| _objectSpread function| _defineProperty function| gtag object| closure_lm_616179

1 Cookies

Domain/Path Name / Value
open.spotify.com/user Name: loglevel
Value: WARN

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy script-src 'self' 'unsafe-eval' blob: open.scdn.co open-review.scdn.co quicksilver.scdn.co www.google-analytics.com www.googletagmanager.com static.ads-twitter.com analytics.twitter.com s.pinimg.com sc-static.net https://www.google.com/recaptcha/ cdn.ravenjs.com connect.facebook.net www.gstatic.com sb.scorecardresearch.com pixel-static.spotify.com https://s3.amazonaws.com/ki.js/51746/b0R.js turbo.qualaroo.com optimize.google.com cdn.cookielaw.org geolocation.onetrust.com www.googleoptimize.com www.fastly-insights.com static.hotjar.com script.hotjar.com https://www.googleadservices.com/pagead/conversion_async.js https://www.googleadservices.com/pagead/conversion/938675917/ https://analytics.tiktok.com/i18n/pixel/sdk.js https://www.redditstatic.com/ads/pixel.js 'sha256-WfsTi7oVogdF9vq5d14s2birjvCglqWF842fyHhzoNw=' 'sha256-KRzjHxCdT8icNaDOqPBdY0AlKiIh5F8r4bnbe1PQwss='; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

open.scdn.co
open.spotify.com
play.spotify.com
spotify.xs1.sg
www.google.com
www.googleoptimize.com
www.gstatic.com
103.255.250.152
2600:1901:1:c36::
2a00:1450:4001:802::2003
2a00:1450:4001:809::2004
2a00:1450:4001:80f::2004
2a00:1450:4001:829::200e
2a04:4e42:62::760
19da2435e15da34d8aedb9146d81cd6889019d5710a9d3b7a3cd46f02084c58a
1e9022d2e68559c3306657470dc8b02a28508564a67a45d70012205aca3eba47
2778c6c568375c25d7664682b10ad931d5852906974012580c1c59c0a075b06b
457a24764c4e5efb7b6de9b07cd544165b996f07310f9626d3571a02bd250d51
5fe20047c1cc1be61a786d56c5c02b96453b9c60656d6c8429a1add79017e47f
829632518c594c2b6001d72ed6afd0d9bb9ebf1bd0e7027816e768af2527dd70
897cda707d438f8d6b6b92cfcb2c1fd2035ff59f5f0c5b9943d2f04d411f7fda
99c2c81a5a0306fb4dd75f214c9d76581557b8ee6e4f0ce1b26d9203c1abe72e
ade5ef169774840823908919bfd4ff466bd50f8b96c0521de448edc477be9320
b9ebbd2fe4939de87bf5ca695c97737ca0f05ab8b727cc753ed6b4fa76429273
ba11fc3aff523be69aca715c5e8d14d1030c173280bd5f78939e1b0b2ed10b67
badb8d99ac4af4cd2c435f9a0d4b22afc0fb9cf81a691c8dec0eaa487e7a66df
bdb49213d385d8cd3649b93dfa1dc6d8ccc390e842a7ba03bfbb5401e6a08a85
d280ab394c1a1cb01c62abadfdb11f21cae063c63ffd3e4fb1d39802b7b11055
d728648c3e1d90bf50f0e988787ce26ea1111fa697b0a9daeb95d6724842a9c1
db22b70f8948a77fbd54101dd8f3abcc4edc218effb29dabbbcc0e32c97aa1f9
e8f05752862160fa1888c91060a324c84870cd4bca2acee125713d11147fde5d