Report - support-spotify.fr/

Report Overview

Visited public
2023-12-11 02:37:59
Tags
spotify phishing music
URL
support-spotify.fr/
Finishing URL
support-spotify.fr/user/login.php
IP / ASN
188.114.96.1
#13335 CLOUDFLARENET
Title
Login | Spotify
Phishing - Spotify

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
support-spotify.fr	unknown	2023-12-08	2023-12-09 23:35:36	2023-12-09 23:36:14	3.8 kB	438 kB	188.114.96.1
encore.scdn.co	25928	2010-08-20	2020-07-15 16:12:23	2023-12-10 20:00:23	1.6 kB	190 kB	95.101.11.57
www-growth.scdn.co	34964	2010-08-20	2019-09-17 07:24:23	2023-12-09 12:03:50	455 B	275 B	151.101.86.248

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-12-09	medium	support-spotify.fr/user/login.php	Spotify

PhishTank

Scan Date	Severity	Indicator	Alert
2023-12-10	medium	support-spotify.fr/user/login.php	Other

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (1)

	URL	From	Size	First Seen	Last Seen
	support-spotify.fr/user/login.php	ScriptElement	3.2 kB	2023-12-06	2025-02-16
Pretty URL support-spotify.fr/user/login.php IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-06 18:10 Last Seen2025-02-16 15:39 Times Seen60 Hash 698855ab306e9c2c403543de97113e50 a80d32eab61b243bb9a95f462ae4c595e6546208 35be4b64edaa92ce3841949f9caaf307226e5864fa33e4e9dd8aa0fa542800cd Loading...

HTTP Transactions (11)

URL IP Response Size

GET support-spotify.fr/assets/fonts/THx1Nf7TOqaI.woff2

188.114.96.1

200 OK

87 kB

URL GET HTTP/3
support-spotify.fr/assets/fonts/THx1Nf7TOqaI.woff2
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://support-spotify.fr/user/login.php
Certificate
IssuerGoogle Trust Services LLC
Subjectsupport-spotify.fr
Fingerprint25:76:87:11:FF:B5:0E:31:39:2A:C2:40:5B:74:93:45:F0:78:00:87
ValidityFri, 08 Dec 2023 18:34:15 GMT - Thu, 07 Mar 2024 18:34:14 GMT

File type
Web Open Font Format (Version 2), TrueType, length 87350, version 1.66 - data
Size
87 kB (87350 bytes)
Hash
2fbf72b606d7f0b0f771ea4956a8b4d6
33783d6856da916a68a9a1fcc80f46627338fa84
1d752805498ebd36b9c69ad1d3da93b1561ea6b33f58ec89a66a4228a357dfe2

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Spotify

HTTP Headers

GET /assets/fonts/THx1Nf7TOqaI.woff2 HTTP/1.1
Host: support-spotify.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://support-spotify.fr/assets/css/2Rknj0xIhV1B.css
Cookie: PHPSESSID=pkr4bj201kbpgdq9lju05vghup
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 11 Dec 2023 02:37:36 GMT
content-type: font/woff2
content-length: 87350
last-modified: Mon, 30 Oct 2023 02:31:46 GMT
etag: "653f1592-15536"
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dHvE89F3zBy595vhLggKl7O2Ohnh56VTVgy0w8mtjJQZ1dNimxFDyCgrWz9TZt4nudlbJgwBM9Q%2BUKPIk6hnNEyKc55OrO1tIzeDhgKmnBlKwcFAwhiv%2FnHEGxOWy%2B8HWQmfO88%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 833a58bf8acbb511-OSL
alt-svc: h3=":443"; ma=86400

GET support-spotify.fr/assets/css/2Rknj0xIhV1B.css

188.114.96.1

200 OK

87 kB

URL GET HTTP/3
support-spotify.fr/assets/css/2Rknj0xIhV1B.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://support-spotify.fr/user/login.php
Certificate
IssuerGoogle Trust Services LLC
Subjectsupport-spotify.fr
Fingerprint25:76:87:11:FF:B5:0E:31:39:2A:C2:40:5B:74:93:45:F0:78:00:87
ValidityFri, 08 Dec 2023 18:34:15 GMT - Thu, 07 Mar 2024 18:34:14 GMT

File type
ASCII text, with very long lines (1488), with CRLF line terminators
Size
87 kB (87359 bytes)
Hash
b2a7c7c2e7f42fe4b6c4b84cd8e884dd
fe5602f67e66b5baaa86b004631faf80b7971202
183da0f3f2e449aaaf5bb0aa08df5c35b60acc98cba9702432de88c7371fae49

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Spotify

HTTP Headers

GET /assets/css/2Rknj0xIhV1B.css HTTP/1.1
Host: support-spotify.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://support-spotify.fr/user/login.php
Cookie: PHPSESSID=pkr4bj201kbpgdq9lju05vghup
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 11 Dec 2023 02:37:36 GMT
content-type: text/css
last-modified: Mon, 30 Oct 2023 04:05:30 GMT
etag: W/"653f2b8a-6a46"
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wtZeQAsx2ohW6yCeK3ZRyRFRJ7%2F52QUgsWoKf3hLgnQj%2BQzA4V0uPUERPZXuLpxKclH80WjGQ363nwBlVqjQEJyqWLGSN9zs2mkMEZlWjqftBtwWmTp71z4WAxWAYaCfUOwXSyA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 833a58beba90b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET support-spotify.fr/assets/fonts/lGQSkegQbQiq.woff2

188.114.96.1

200 OK

90 kB

URL GET HTTP/3
support-spotify.fr/assets/fonts/lGQSkegQbQiq.woff2
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://support-spotify.fr/user/login.php
Certificate
IssuerGoogle Trust Services LLC
Subjectsupport-spotify.fr
Fingerprint25:76:87:11:FF:B5:0E:31:39:2A:C2:40:5B:74:93:45:F0:78:00:87
ValidityFri, 08 Dec 2023 18:34:15 GMT - Thu, 07 Mar 2024 18:34:14 GMT

File type
Web Open Font Format (Version 2), TrueType, length 89536, version 1.66 - data
Size
90 kB (89536 bytes)
Hash
fe1cfc14b7498b187c78fa72fb72d148
6bec8ce832951162e0ebc4b257e3ee850fe7aade
039130d456855a745451bff40707bee5512bc4466373224b2258f67cc6c6d879

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Spotify

HTTP Headers

GET /assets/fonts/lGQSkegQbQiq.woff2 HTTP/1.1
Host: support-spotify.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://support-spotify.fr/assets/css/2Rknj0xIhV1B.css
Cookie: PHPSESSID=pkr4bj201kbpgdq9lju05vghup
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 11 Dec 2023 02:37:36 GMT
content-type: font/woff2
content-length: 89536
last-modified: Mon, 30 Oct 2023 02:31:46 GMT
etag: "653f1592-15dc0"
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0VODBMu7QNxyZ6vYCMdzsjgFjTVkj4SS42TBvDpJq3%2BeScFI0eErCMFj28nm75cqEwNZ5YD1YQNI2V4QJ%2BIcLN95SrTXR%2B5edjXsqsxud%2BiPp7PFHFdlI%2BLnCYR8x3tUOjLrJnw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 833a58bf8acab511-OSL
alt-svc: h3=":443"; ma=86400

GET encore.scdn.co/1.2.3/CircularSpotify-UI-Latin-OS2v3-Bold.woff2

95.101.11.57

200 OK

64 kB

URL GET HTTP/2
encore.scdn.co/1.2.3/CircularSpotify-UI-Latin-OS2v3-Bold.woff2
IP
95.101.11.57:443
ASN
#20940 Akamai International B.V.

Requested by
https://support-spotify.fr/user/login.php
Certificate
IssuerDigiCert Inc
Subject*.scdn.co
Fingerprint0A:0F:59:45:2C:FF:37:3C:FE:37:27:AD:32:64:59:A9:5A:B6:2F:30
ValidityMon, 31 Jul 2023 00:00:00 GMT - Mon, 19 Aug 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 64098, version 1.66 - data
Size
64 kB (64029 bytes)
Hash
67170478d3578576e2fb314f67cd1f8e
07d8915a30ccf7a46838991eb5ca45c6edae384c
faad3530bbb4c6f078f530a878e3a52295bcd8f7e424c97e24774dbe86375c2a

HTTP Headers

GET /1.2.3/CircularSpotify-UI-Latin-OS2v3-Bold.woff2 HTTP/1.1
Host: encore.scdn.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://support-spotify.fr/
Origin: https://support-spotify.fr
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Thu, 04 Jun 2020 09:59:44 GMT
etag: "a5ac0b2089e1c087e9229c21f8dc27bc"
content-type: font/woff2
content-encoding: gzip
x-amz-checksum-crc32c: /vMmlA==
accept-ranges: bytes
content-length: 64029
cache-control: max-age=31536000
expires: Tue, 10 Dec 2024 02:37:36 GMT
date: Mon, 11 Dec 2023 02:37:36 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-max-age: 86400
access-control-allow-headers: range
access-control-allow-methods: GET
X-Firefox-Spdy: h2

GET encore.scdn.co/1.2.3/CircularSpotify-UI-Latin-OS2v3-Book.woff2

95.101.11.57

200 OK

60 kB

URL GET HTTP/2
encore.scdn.co/1.2.3/CircularSpotify-UI-Latin-OS2v3-Book.woff2
IP
95.101.11.57:443
ASN
#20940 Akamai International B.V.

Requested by
https://support-spotify.fr/user/login.php
Certificate
IssuerDigiCert Inc
Subject*.scdn.co
Fingerprint0A:0F:59:45:2C:FF:37:3C:FE:37:27:AD:32:64:59:A9:5A:B6:2F:30
ValidityMon, 31 Jul 2023 00:00:00 GMT - Mon, 19 Aug 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 59976, version 1.66 - data
Size
60 kB (59969 bytes)
Hash
343ea4d66e40737dacc56d9bf1f1c2e5
702f5ca3f25b133744cb53fc1046619b67833934
5fe0f1f2b6468439e4776211f33569c98798cc42fe05c2ec73ad82d41bc84333

HTTP Headers

GET /1.2.3/CircularSpotify-UI-Latin-OS2v3-Book.woff2 HTTP/1.1
Host: encore.scdn.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://support-spotify.fr/
Origin: https://support-spotify.fr
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Thu, 04 Jun 2020 09:59:45 GMT
etag: "71fcc66327112fb20f3c8c3e60a841b6"
content-type: font/woff2
content-encoding: gzip
x-amz-checksum-crc32c: b0V1rQ==
accept-ranges: bytes
content-length: 59969
cache-control: max-age=31536000
expires: Tue, 10 Dec 2024 02:37:36 GMT
date: Mon, 11 Dec 2023 02:37:36 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-max-age: 86400
access-control-allow-headers: range
access-control-allow-methods: GET
X-Firefox-Spdy: h2

GET encore.scdn.co/1.2.3/CircularSpotify-UI-Latin-OS2v3-Black.woff2

95.101.11.57

200 OK

64 kB

URL GET HTTP/2
encore.scdn.co/1.2.3/CircularSpotify-UI-Latin-OS2v3-Black.woff2
IP
95.101.11.57:443
ASN
#20940 Akamai International B.V.

Requested by
https://support-spotify.fr/user/login.php
Certificate
IssuerDigiCert Inc
Subject*.scdn.co
Fingerprint0A:0F:59:45:2C:FF:37:3C:FE:37:27:AD:32:64:59:A9:5A:B6:2F:30
ValidityMon, 31 Jul 2023 00:00:00 GMT - Mon, 19 Aug 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63929, version 1.66 - data
Size
64 kB (63803 bytes)
Hash
c2ff0d2c6b2881a4011115f08c1e8ea8
7f839d8fbca5d17ea4b26eff4ab2d09447c34549
ec2b383c934b812a84ee52176a14cf158767c1df4b4953e86c9ceb022d89e822

HTTP Headers

GET /1.2.3/CircularSpotify-UI-Latin-OS2v3-Black.woff2 HTTP/1.1
Host: encore.scdn.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://support-spotify.fr/
Origin: https://support-spotify.fr
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Thu, 04 Jun 2020 09:59:42 GMT
etag: "067f37b9d0d5d9f50c0fa5a64875f5b9"
content-type: font/woff2
content-encoding: gzip
x-amz-checksum-crc32c: 5o2kJA==
accept-ranges: bytes
content-length: 63803
cache-control: max-age=31536000
expires: Tue, 10 Dec 2024 02:37:36 GMT
date: Mon, 11 Dec 2023 02:37:36 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-max-age: 86400
access-control-allow-headers: range
access-control-allow-methods: GET
X-Firefox-Spdy: h2

GET www-growth.scdn.co/_next/static/css/2Rknj0xIhV1B.css

151.101.86.248

404 Not Found

0 B

URL GET HTTP/1.1
www-growth.scdn.co/_next/static/css/2Rknj0xIhV1B.css
IP
151.101.86.248:443
ASN
#54113 FASTLY

Requested by
https://support-spotify.fr/user/login.php
Certificate
IssuerGlobalSign nv-sa
Subject*.scdn.co
Fingerprint5E:2A:FE:2F:3F:2C:7A:06:C0:09:1E:6B:89:77:04:2E:AC:83:DC:13
ValidityFri, 07 Jul 2023 09:04:31 GMT - Wed, 07 Aug 2024 09:04:30 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /_next/static/css/2Rknj0xIhV1B.css HTTP/1.1
Host: www-growth.scdn.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://support-spotify.fr/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Connection: close
Content-Length: 0
Retry-After: 0
Accept-Ranges: bytes
Date: Mon, 11 Dec 2023 02:37:36 GMT
X-Served-By: cache-bma1644-BMA
X-Cache: MISS
X-Cache-Hits: 0
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000

GET support-spotify.fr/assets/images/A1Ywhbg3Xes8.png

188.114.96.1

200 OK

3.6 kB

URL GET HTTP/3
support-spotify.fr/assets/images/A1Ywhbg3Xes8.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://support-spotify.fr/user/login.php
Certificate
IssuerGoogle Trust Services LLC
Subjectsupport-spotify.fr
Fingerprint25:76:87:11:FF:B5:0E:31:39:2A:C2:40:5B:74:93:45:F0:78:00:87
ValidityFri, 08 Dec 2023 18:34:15 GMT - Thu, 07 Mar 2024 18:34:14 GMT

File type
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced - data
Size
3.6 kB (3646 bytes)
Hash
326dfa6c84225dfca443693e985fdaab
5a8971cb61bcdae6431abbba6d5a79cefc7d2d45
0c7ee91862c795f69147f2174a919b1303dd28ce8ceccabe3f50ae219bfb01b7

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Spotify

HTTP Headers

GET /assets/images/A1Ywhbg3Xes8.png HTTP/1.1
Host: support-spotify.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://support-spotify.fr/user/login.php
Cookie: PHPSESSID=pkr4bj201kbpgdq9lju05vghup
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 11 Dec 2023 02:37:36 GMT
content-type: image/png
content-length: 3646
last-modified: Mon, 30 Oct 2023 02:31:46 GMT
etag: "653f1592-e3e"
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=97iTiyGGEzF7%2BqAxW6bB1MQ3xAMQEWm5a%2FQ%2FtTHjMQMRIG8QI5C%2BD1my2vQxltExzKKchocand2RJihicAyrbn4rt1JJZlG5Rxxtwzszdz%2FLaeimD4qFEN0pd2rTqoOLPSvPHPo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 833a58c10b31b511-OSL
alt-svc: h3=":443"; ma=86400

GET support-spotify.fr/

188.114.96.1

302 Found

40 kB

URL User Request GET HTTP/2
support-spotify.fr/
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectsupport-spotify.fr
Fingerprint25:76:87:11:FF:B5:0E:31:39:2A:C2:40:5B:74:93:45:F0:78:00:87
ValidityFri, 08 Dec 2023 18:34:15 GMT - Thu, 07 Mar 2024 18:34:14 GMT

File type

Size
40 kB (40373 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Spotify

HTTP Headers

GET / HTTP/1.1
Host: support-spotify.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Mon, 11 Dec 2023 02:37:34 GMT
content-type: text/html; charset=UTF-8
location: ./user/login.php
x-powered-by: PHP/8.1.26, PleskLin
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XWSdqc99hXMiGku4r9baHMdT%2BERwVnvLG9zcO1VCErmmGL5Rj3Q36%2FqHEsxtw1%2BCW25fH3fqDgY3hffWsf844QEvcjCHWPsc5MPuE68xJ5ST8ErG7i902k9HX3Mv%2Fm9opSQXdtU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 833a58ae7f9bb509-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET support-spotify.fr/assets/fonts/VJ3mIe67CNQc.woff2

188.114.96.1

200 OK

84 kB

URL GET HTTP/3
support-spotify.fr/assets/fonts/VJ3mIe67CNQc.woff2
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://support-spotify.fr/user/login.php
Certificate
IssuerGoogle Trust Services LLC
Subjectsupport-spotify.fr
Fingerprint25:76:87:11:FF:B5:0E:31:39:2A:C2:40:5B:74:93:45:F0:78:00:87
ValidityFri, 08 Dec 2023 18:34:15 GMT - Thu, 07 Mar 2024 18:34:14 GMT

File type
Web Open Font Format (Version 2), TrueType, length 84088, version 1.66 - data
Size
84 kB (84088 bytes)
Hash
4eaffdf96f4c6f984686e93d5d9cb325
8c576f620ae00a66282d8eb10dc2eb580888aaf1
9b7413f945c8b8bb3f75eb10513c7ad79d386e98494d541e5f1fa9301ffbddd6

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Spotify

HTTP Headers

GET /assets/fonts/VJ3mIe67CNQc.woff2 HTTP/1.1
Host: support-spotify.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://support-spotify.fr/assets/css/2Rknj0xIhV1B.css
Cookie: PHPSESSID=pkr4bj201kbpgdq9lju05vghup
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 11 Dec 2023 02:37:36 GMT
content-type: font/woff2
content-length: 84088
last-modified: Mon, 30 Oct 2023 02:31:46 GMT
etag: "653f1592-14878"
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4x4gi%2F2%2FlQMH887T2yRsSeoQfKZ89syA2XtssVlIr2Bs%2FDjByCsqqmp2YlbXyuigBQ2e%2F2DNIQjgmUFNifsAFbHwjoIanRofrVP6gnXv22mXyIr9272bx2DX1Kd%2BQNrlf%2B3leDk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 833a58bf7ac8b511-OSL
alt-svc: h3=":443"; ma=86400

GET support-spotify.fr/user/login.php

188.114.96.1

200 OK

40 kB

URL User Request GET HTTP/2
support-spotify.fr/user/login.php
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectsupport-spotify.fr
Fingerprint25:76:87:11:FF:B5:0E:31:39:2A:C2:40:5B:74:93:45:F0:78:00:87
ValidityFri, 08 Dec 2023 18:34:15 GMT - Thu, 07 Mar 2024 18:34:14 GMT

File type

Size
40 kB (40373 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Spotify
OpenPhish	phishing	Spotify
PhishTank	phishing	Other

HTTP Headers

GET /user/login.php HTTP/1.1
Host: support-spotify.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 11 Dec 2023 02:37:36 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.1.26, PleskLin
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=pkr4bj201kbpgdq9lju05vghup; path=/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xg3fmAWTc0ckDFYknjEj%2BdaIv%2B52QwzlxZQ0Ty4ewJthcbWB%2BezojGMxCCxTBMsBeVDCB4mPPUaPiDjKYuC6jQIslacv6BuU%2Fk2W1jFjZEhaafi1J5oOdeTUm5kK2J%2BZYR92IXw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 833a58b53931b509-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (11)

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP