| spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/cs.js.download | 162.210.98.102 | 200 OK | 0 B |
URL: GET HTTP/3 spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/cs.js.download
IP: 162.210.98.102:443
Requested by: https://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing.php?SessionID-xb=.=.._.711b6336e6330a7d0f3553409a4d134d.=.
Certificate Issuer: cPanel, Inc.
Certificate Subject: spotify.nethottrading.com
Certificate Fingerprint: 5E:B9:6C:31:37:46:A5:C1:38:8C:62:41:E7:1F:9C:7F:E5:0F:3E:09
Certificate Validity: Fri, 26 Apr 2024 00:00:00 GMT - Thu, 25 Jul 2024 23:59:59 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Spotify |
GET /1a01b27006c67fa43567355b4b3568b3/billing_files/cs.js.download HTTP/1.1
Host: spotify.nethottrading.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing.php?SessionID-xb=.=.._.711b6336e6330a7d0f3553409a4d134d.=.
Cookie: PHPSESSID=714f66eeb897a9ea2eb2e669fffb350a
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/octet-stream
last-modified: Fri, 26 Apr 2024 19:15:06 GMT
accept-ranges: bytes
content-length: 0
date: Sat, 27 Apr 2024 00:03:16 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
|
|
| spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/analytics.js.download | 162.210.98.102 | 200 OK | 36 kB |
URL: GET HTTP/3 spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/analytics.js.download
IP: 162.210.98.102:443
Requested by: https://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing.php?SessionID-xb=.=.._.711b6336e6330a7d0f3553409a4d134d.=.
Certificate Issuer: cPanel, Inc.
Certificate Subject: spotify.nethottrading.com
Certificate Fingerprint: 5E:B9:6C:31:37:46:A5:C1:38:8C:62:41:E7:1F:9C:7F:E5:0F:3E:09
Certificate Validity: Fri, 26 Apr 2024 00:00:00 GMT - Thu, 25 Jul 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (1952)
Hash: de39a19dfc75359d8eb0727ce0fa486b 85f77da7711ac89a15348be015119ed2d496b080 f8ef655ef916e39713ede9c6db56d7ca5618bd82cf5ac991dcd013f05e0fdfc7
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Spotify |
GET /1a01b27006c67fa43567355b4b3568b3/billing_files/analytics.js.download HTTP/1.1
Host: spotify.nethottrading.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing.php?SessionID-xb=.=.._.711b6336e6330a7d0f3553409a4d134d.=.
Cookie: PHPSESSID=714f66eeb897a9ea2eb2e669fffb350a
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/octet-stream
last-modified: Fri, 26 Apr 2024 19:15:06 GMT
accept-ranges: bytes
content-length: 35943
date: Sat, 27 Apr 2024 00:03:16 GMT
server: LiteSpeed
|
|
| spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/linkid.js.download | 162.210.98.102 | 200 OK | 1.6 kB |
URL: GET HTTP/3 spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/linkid.js.download
IP: 162.210.98.102:443
Requested by: https://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing.php?SessionID-xb=.=.._.711b6336e6330a7d0f3553409a4d134d.=.
Certificate Issuer: cPanel, Inc.
Certificate Subject: spotify.nethottrading.com
Certificate Fingerprint: 5E:B9:6C:31:37:46:A5:C1:38:8C:62:41:E7:1F:9C:7F:E5:0F:3E:09
Certificate Validity: Fri, 26 Apr 2024 00:00:00 GMT - Thu, 25 Jul 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (1335)
Hash: 0cc3a63fe10060af4a349e5df666eefe 3e8d3925b550345123f2cab26568221fd4154f9c 92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Spotify |
GET /1a01b27006c67fa43567355b4b3568b3/billing_files/linkid.js.download HTTP/1.1
Host: spotify.nethottrading.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing.php?SessionID-xb=.=.._.711b6336e6330a7d0f3553409a4d134d.=.
Cookie: PHPSESSID=714f66eeb897a9ea2eb2e669fffb350a
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/octet-stream
last-modified: Fri, 26 Apr 2024 19:15:06 GMT
accept-ranges: bytes
content-length: 1569
date: Sat, 27 Apr 2024 00:03:16 GMT
server: LiteSpeed
|
|
| spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/jquery-2-0680c441b5.1.3.min.js.download | 162.210.98.102 | 200 OK | 91 kB |
URL: GET HTTP/3 spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/jquery-2-0680c441b5.1.3.min.js.download
IP: 162.210.98.102:443
Requested by: https://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing.php?SessionID-xb=.=.._.711b6336e6330a7d0f3553409a4d134d.=.
Certificate Issuer: cPanel, Inc.
Certificate Subject: spotify.nethottrading.com
Certificate Fingerprint: 5E:B9:6C:31:37:46:A5:C1:38:8C:62:41:E7:1F:9C:7F:E5:0F:3E:09
Certificate Validity: Fri, 26 Apr 2024 00:00:00 GMT - Thu, 25 Jul 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (32051)
Hash: 5b317416adba1f91c7ff4d51862563e8 3225ce7cc27e954937e20be5fe85a34622f3657e 47f9f6c522efd88a46c6c3fa800ed2a3d047ccc86eed91da596713f6a3d1c697
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Spotify |
GET /1a01b27006c67fa43567355b4b3568b3/billing_files/jquery-2-0680c441b5.1.3.min.js.download HTTP/1.1
Host: spotify.nethottrading.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing.php?SessionID-xb=.=.._.711b6336e6330a7d0f3553409a4d134d.=.
Cookie: PHPSESSID=714f66eeb897a9ea2eb2e669fffb350a
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/octet-stream
last-modified: Fri, 26 Apr 2024 19:15:06 GMT
accept-ranges: bytes
content-length: 91316
date: Sat, 27 Apr 2024 00:03:16 GMT
server: LiteSpeed
|
|
| spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/spotify-b24b86f287.css | 162.210.98.102 | 200 OK | 47 kB |
URL: GET HTTP/3 spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/spotify-b24b86f287.css
IP: 162.210.98.102:443
Requested by: https://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing.php?SessionID-xb=.=.._.711b6336e6330a7d0f3553409a4d134d.=.
Certificate Issuer: cPanel, Inc.
Certificate Subject: spotify.nethottrading.com
Certificate Fingerprint: 5E:B9:6C:31:37:46:A5:C1:38:8C:62:41:E7:1F:9C:7F:E5:0F:3E:09
Certificate Validity: Fri, 26 Apr 2024 00:00:00 GMT - Thu, 25 Jul 2024 23:59:59 GMT
File type: ASCII text, with very long lines (65371)
Hash: b24b86f28756cb89dd2e67474c1f0154 d45a1d0b6d12f23335500eb7e6310aab67b9f631 4c0d6e170a34d0937138d358b54a6dcbef2285b8758a8c9cd661a06b36b48544
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Spotify |
GET /1a01b27006c67fa43567355b4b3568b3/billing_files/spotify-b24b86f287.css HTTP/1.1
Host: spotify.nethottrading.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing.php?SessionID-xb=.=.._.711b6336e6330a7d0f3553409a4d134d.=.
Cookie: PHPSESSID=714f66eeb897a9ea2eb2e669fffb350a
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sat, 04 May 2024 00:03:16 GMT
content-type: text/css
last-modified: Fri, 26 Apr 2024 19:15:06 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 46708
date: Sat, 27 Apr 2024 00:03:16 GMT
server: LiteSpeed
|
|
| spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/account-f4e3384ead.css | 162.210.98.102 | 200 OK | 20 kB |
URL: GET HTTP/3 spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/account-f4e3384ead.css
IP: 162.210.98.102:443
Requested by: https://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing.php?SessionID-xb=.=.._.711b6336e6330a7d0f3553409a4d134d.=.
Certificate Issuer: cPanel, Inc.
Certificate Subject: spotify.nethottrading.com
Certificate Fingerprint: 5E:B9:6C:31:37:46:A5:C1:38:8C:62:41:E7:1F:9C:7F:E5:0F:3E:09
Certificate Validity: Fri, 26 Apr 2024 00:00:00 GMT - Thu, 25 Jul 2024 23:59:59 GMT
File type: ASCII text, with very long lines (65536), with no line terminators
Hash: f4e3384eada4161ec24bfb1ed4d25921 664465727c036b590a7fd56b32886178afd9b8d3 f338da9ba5ffd21ab94361ff64b959a5aa0eeb4331d24e0672bd5aedd95e0e54
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Spotify |
GET /1a01b27006c67fa43567355b4b3568b3/billing_files/account-f4e3384ead.css HTTP/1.1
Host: spotify.nethottrading.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing.php?SessionID-xb=.=.._.711b6336e6330a7d0f3553409a4d134d.=.
Cookie: PHPSESSID=714f66eeb897a9ea2eb2e669fffb350a
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sat, 04 May 2024 00:03:16 GMT
content-type: text/css
last-modified: Fri, 26 Apr 2024 19:15:07 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 19615
date: Sat, 27 Apr 2024 00:03:16 GMT
server: LiteSpeed
|
|
| spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/tracking-2e5455755b.download.js.download | 162.210.98.102 | 200 OK | 587 B |
URL: GET HTTP/3 spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/tracking-2e5455755b.download.js.download
IP: 162.210.98.102:443
Requested by: https://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing.php?SessionID-xb=.=.._.711b6336e6330a7d0f3553409a4d134d.=.
Certificate Issuer: cPanel, Inc.
Certificate Subject: spotify.nethottrading.com
Certificate Fingerprint: 5E:B9:6C:31:37:46:A5:C1:38:8C:62:41:E7:1F:9C:7F:E5:0F:3E:09
Certificate Validity: Fri, 26 Apr 2024 00:00:00 GMT - Thu, 25 Jul 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (529)
Hash: 57c4689e659a0927215852e0aeddb9dd 3a100ec0b47a9687bcdd5ac53ed17752bca723ba 7a27bf5670f0705deaf6930292b4c07adc8def0b3707017f5ede64cd6902bdc3
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Spotify |
GET /1a01b27006c67fa43567355b4b3568b3/billing_files/tracking-2e5455755b.download.js.download HTTP/1.1
Host: spotify.nethottrading.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing.php?SessionID-xb=.=.._.711b6336e6330a7d0f3553409a4d134d.=.
Cookie: PHPSESSID=714f66eeb897a9ea2eb2e669fffb350a
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/octet-stream
last-modified: Fri, 26 Apr 2024 19:15:06 GMT
accept-ranges: bytes
content-length: 587
date: Sat, 27 Apr 2024 00:03:16 GMT
server: LiteSpeed
|
|
| spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/modernizr-bc8113e41c.js.download | 162.210.98.102 | 200 OK | 9.3 kB |
URL: GET HTTP/3 spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/modernizr-bc8113e41c.js.download
IP: 162.210.98.102:443
Requested by: https://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing.php?SessionID-xb=.=.._.711b6336e6330a7d0f3553409a4d134d.=.
Certificate Issuer: cPanel, Inc.
Certificate Subject: spotify.nethottrading.com
Certificate Fingerprint: 5E:B9:6C:31:37:46:A5:C1:38:8C:62:41:E7:1F:9C:7F:E5:0F:3E:09
Certificate Validity: Fri, 26 Apr 2024 00:00:00 GMT - Thu, 25 Jul 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (9289), with no line terminators
Hash: bc8113e41c225ac8c4a308b487d10a05 a0962a6759bbcb4b0fdf6ecb09e49e5b7c6bdb99 f746730d7cc7806bfda4862e7c23206f3e426eb1be329dabeaaba63905e139f1
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Spotify |
GET /1a01b27006c67fa43567355b4b3568b3/billing_files/modernizr-bc8113e41c.js.download HTTP/1.1
Host: spotify.nethottrading.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing.php?SessionID-xb=.=.._.711b6336e6330a7d0f3553409a4d134d.=.
Cookie: PHPSESSID=714f66eeb897a9ea2eb2e669fffb350a
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/octet-stream
last-modified: Fri, 26 Apr 2024 19:15:06 GMT
accept-ranges: bytes
content-length: 9289
date: Sat, 27 Apr 2024 00:03:16 GMT
server: LiteSpeed
|
|
| spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/config.aspx | 162.210.98.102 | 200 OK | 169 B |
URL: GET HTTP/3 spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/config.aspx
IP: 162.210.98.102:443
Requested by: https://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing.php?SessionID-xb=.=.._.711b6336e6330a7d0f3553409a4d134d.=.
Certificate Issuer: cPanel, Inc.
Certificate Subject: spotify.nethottrading.com
Certificate Fingerprint: 5E:B9:6C:31:37:46:A5:C1:38:8C:62:41:E7:1F:9C:7F:E5:0F:3E:09
Certificate Validity: Fri, 26 Apr 2024 00:00:00 GMT - Thu, 25 Jul 2024 23:59:59 GMT
File type: ASCII text, with CRLF line terminators
Hash: 2f97d6263c0aab03d3dbb0ded2dc64c9 287c361a50ab3a945bb9f983c9ebcad037044359 0c502860743064cfa3676f406e8ad5a4f451c7db898a14b6990d717f255c239d
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Spotify |
GET /1a01b27006c67fa43567355b4b3568b3/billing_files/config.aspx HTTP/1.1
Host: spotify.nethottrading.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing.php?SessionID-xb=.=.._.711b6336e6330a7d0f3553409a4d134d.=.
Cookie: PHPSESSID=714f66eeb897a9ea2eb2e669fffb350a
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/octet-stream
last-modified: Fri, 26 Apr 2024 19:15:06 GMT
accept-ranges: bytes
content-length: 169
date: Sat, 27 Apr 2024 00:03:16 GMT
server: LiteSpeed
|
|
| spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/sessioncam.recorder.js.download | 162.210.98.102 | 200 OK | 272 kB |
URL: GET HTTP/3 spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/sessioncam.recorder.js.download
IP: 162.210.98.102:443
Requested by: https://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing.php?SessionID-xb=.=.._.711b6336e6330a7d0f3553409a4d134d.=.
Certificate Issuer: cPanel, Inc.
Certificate Subject: spotify.nethottrading.com
Certificate Fingerprint: 5E:B9:6C:31:37:46:A5:C1:38:8C:62:41:E7:1F:9C:7F:E5:0F:3E:09
Certificate Validity: Fri, 26 Apr 2024 00:00:00 GMT - Thu, 25 Jul 2024 23:59:59 GMT
File type: JavaScript source, Unicode text, UTF-8 (with BOM) text, with very long lines (62636), with CRLF line terminators
Size: 272 kB (272368 bytes)
Hash: 11c737741d70abf883cf88b565b1b1b2 9ea78c88c70a65fe5332aab6eb0640ba5d354074 86fb0c45db2380238f0a52b4074889b90e2b99f8379d86bae923ecafd979a484
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Spotify |
GET /1a01b27006c67fa43567355b4b3568b3/billing_files/sessioncam.recorder.js.download HTTP/1.1
Host: spotify.nethottrading.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing.php?SessionID-xb=.=.._.711b6336e6330a7d0f3553409a4d134d.=.
Cookie: PHPSESSID=714f66eeb897a9ea2eb2e669fffb350a
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/octet-stream
last-modified: Fri, 26 Apr 2024 19:15:06 GMT
accept-ranges: bytes
content-length: 272368
date: Sat, 27 Apr 2024 00:03:16 GMT
server: LiteSpeed
|
|
| www.googletagmanager.com/gtm.js?id=GTM-7BJJ | 142.250.74.168 | 200 OK | 156 kB |
URL: GET HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-7BJJ
IP: 142.250.74.168:443
Requested by: https://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing.php?SessionID-xb=.=.._.711b6336e6330a7d0f3553409a4d134d.=.
Certificate Issuer: Google Trust Services LLC
Certificate Subject: *.google-analytics.com
Certificate Fingerprint: FC:B1:16:E0:D8:F3:2B:F3:AB:33:E5:E1:23:57:F4:48:66:FD:4D:52
Certificate Validity: Mon, 08 Apr 2024 06:34:55 GMT - Mon, 01 Jul 2024 06:34:54 GMT
File type: JavaScript source, ASCII text, with very long lines (55667)
Size: 156 kB (156508 bytes)
Hash: b4f84b4518ee5f2e1fb62dcc1ea143c6 a1bc2b89b36dcfc1511e9bd138f12049bee3aab4 a1b0a6a83afa1f54cad0ecf6aafae8015b49ee2dfd2c7f89c2d88c0eb4ec66b5
GET /gtm.js?id=GTM-7BJJ HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spotify.nethottrading.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: gzip
vary: Accept-Encoding
date: Sat, 27 Apr 2024 00:03:16 GMT
expires: Sat, 27 Apr 2024 00:03:16 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 156508
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| www.scdn.co/build/js/sp-analytics-a3e2493d01.js | 151.101.238.248 | 200 OK | 2.9 kB |
URL: GET HTTP/1.1 www.scdn.co/build/js/sp-analytics-a3e2493d01.js
IP: 151.101.238.248:443
Requested by: https://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing.php?SessionID-xb=.=.._.711b6336e6330a7d0f3553409a4d134d.=.
Certificate Issuer: GlobalSign nv-sa
Certificate Subject: *.scdn.co
Certificate Fingerprint: 96:08:82:C2:CB:0C:82:BD:0A:EA:18:76:73:89:54:F3:EC:97:D3:1C
Certificate Validity: Tue, 09 Apr 2024 09:05:08 GMT - Sun, 11 May 2025 09:05:07 GMT
File type: JavaScript source, ASCII text, with very long lines (7916)
Hash: 3b8ea9b9fed8d12d22fd1c7b7c4367b8 f9129a0d8d9d4f4d32bc28a9591407280413de56 6cdbd83431a2ec14c784a34ce8bf57af46863a2e5c6b39fff81f4967a47f88b4
GET /build/js/sp-analytics-a3e2493d01.js HTTP/1.1
Host: www.scdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spotify.nethottrading.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 2934
Last-Modified: Thu, 09 Aug 2018 08:55:55 GMT
ETag: "3b8ea9b9fed8d12d22fd1c7b7c4367b8"
x-goog-generation: 1533804955085745
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 7969
x-amz-meta-goog-reserved-file-mtime: 1533804724
Content-Type: application/javascript
x-amz-checksum-crc32c: n4QGTQ==
Content-Encoding: gzip
Accept-Ranges: bytes
Age: 1631834
Date: Sat, 27 Apr 2024 00:03:16 GMT
Timing-Allow-Origin: *
X-Served-By: cache-chi-klot8100105-CHI, cache-osl6520-OSL
X-Cache: HIT, HIT
X-Cache-Hits: 111, 0
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
|
|
| spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing.php?SessionID-xb=.=.._.711b6336e6330a7d0f3553409a4d134d.=. | 162.210.98.102 | 200 OK | 24 kB |
URL (User Request): GET HTTP/2 spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing.php?SessionID-xb=.=.._.711b6336e6330a7d0f3553409a4d134d.=.
IP: 162.210.98.102:443
Certificate Issuer: cPanel, Inc.
Certificate Subject: spotify.nethottrading.com
Certificate Fingerprint: 5E:B9:6C:31:37:46:A5:C1:38:8C:62:41:E7:1F:9C:7F:E5:0F:3E:09
Certificate Validity: Fri, 26 Apr 2024 00:00:00 GMT - Thu, 25 Jul 2024 23:59:59 GMT
File type: HTML document, Unicode text, UTF-8 text, with very long lines (5891), with CRLF line terminators
Hash: e2d20b0f632ed9a5e6309b90706ffa13 b02c823e6209ff24b1699e29d3b862da50a9a7d1 18f15fcac75e1eaa312a5e76d22e4a72321ed60e5f228beb96a1a2a6df373cfa
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Spotify |
GET /1a01b27006c67fa43567355b4b3568b3/billing.php?SessionID-xb=.=.._.711b6336e6330a7d0f3553409a4d134d.=. HTTP/1.1
Host: spotify.nethottrading.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
set-cookie: PHPSESSID=714f66eeb897a9ea2eb2e669fffb350a; path=/; secure
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-type: text/html; charset=UTF-8
content-encoding: br
vary: Accept-Encoding
date: Sat, 27 Apr 2024 00:03:15 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
|
|
| sp-bootstrap.global.ssl.fastly.net/8.2.2/fonts/circular-book.woff2 | 151.101.193.194 | 200 OK | 70 kB |
URL: GET HTTP/1.1 sp-bootstrap.global.ssl.fastly.net/8.2.2/fonts/circular-book.woff2
IP: 151.101.193.194:443
Requested by: https://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing.php?SessionID-xb=.=.._.711b6336e6330a7d0f3553409a4d134d.=.
Certificate Issuer: GlobalSign nv-sa
Certificate Subject: *.freetls.fastly.net
Certificate Fingerprint: 13:7B:FA:B1:26:5B:96:7B:F4:C2:D9:11:1A:0B:46:9E:88:6E:6D:AF
Certificate Validity: Thu, 09 Nov 2023 23:08:33 GMT - Tue, 10 Dec 2024 23:08:32 GMT
File type: Web Open Font Format (Version 2), TrueType, length 70092, version 1.66
Hash: c4f753e765823b94234e7f5ccd733f44 a72936a414a65b114d4901b8cacd9e86ca22e0f6 6384070e855e2ec15caefb6334ab2c4b1b9e798ce2e369cc00f0d47a41138e0d
GET /8.2.2/fonts/circular-book.woff2 HTTP/1.1
Host: sp-bootstrap.global.ssl.fastly.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://spotify.nethottrading.com
DNT: 1
Connection: keep-alive
Referer: https://spotify.nethottrading.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 70092
Cache-Control: private, max-age=0
Last-Modified: Mon, 21 Mar 2022 12:56:10 GMT
ETag: "c4f753e765823b94234e7f5ccd733f44"
x-goog-generation: 1647867370127572
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 70092
x-amz-meta-goog-reserved-file-mtime: 1520364386
Content-Type: font/woff2
x-amz-checksum-crc32c: 1fg5Dg==
Accept-Ranges: bytes
Age: 364400
Date: Sat, 27 Apr 2024 00:03:16 GMT
X-Served-By: cache-chi-kigq8000171-CHI, cache-hel1410026-HEL
X-Cache: HIT, HIT
X-Cache-Hits: 9, 0
Access-Control-Allow-Origin: *
|
|
| spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/js | 162.210.98.102 | 200 OK | 359 kB |
URL: GET HTTP/3 spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/js
IP: 162.210.98.102:443
Requested by: https://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing.php?SessionID-xb=.=.._.711b6336e6330a7d0f3553409a4d134d.=.
Certificate Issuer: cPanel, Inc.
Certificate Subject: spotify.nethottrading.com
Certificate Fingerprint: 5E:B9:6C:31:37:46:A5:C1:38:8C:62:41:E7:1F:9C:7F:E5:0F:3E:09
Certificate Validity: Fri, 26 Apr 2024 00:00:00 GMT - Thu, 25 Jul 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (22748)
Size: 359 kB (358638 bytes)
Hash: a7af001da849d809d0f16b3bdd5f0668 f6bd7799bbea9d34abfad4ab39164986f3f0a5a7 8a0156db1ad2b52b71917ba2a0bc340e38aca46b27492c0754215130a6e218fd
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Spotify |
GET /1a01b27006c67fa43567355b4b3568b3/billing_files/js HTTP/1.1
Host: spotify.nethottrading.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing.php?SessionID-xb=.=.._.711b6336e6330a7d0f3553409a4d134d.=.
Cookie: PHPSESSID=714f66eeb897a9ea2eb2e669fffb350a
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
last-modified: Fri, 26 Apr 2024 19:15:06 GMT
accept-ranges: bytes
content-length: 358638
date: Sat, 27 Apr 2024 00:03:16 GMT
server: LiteSpeed
|
|
| sp-bootstrap.global.ssl.fastly.net/8.2.2/fonts/circular-bold.woff2 | 151.101.193.194 | 200 OK | 76 kB |
URL: GET HTTP/1.1 sp-bootstrap.global.ssl.fastly.net/8.2.2/fonts/circular-bold.woff2
IP: 151.101.193.194:443
Requested by: https://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing.php?SessionID-xb=.=.._.711b6336e6330a7d0f3553409a4d134d.=.
Certificate Issuer: GlobalSign nv-sa
Certificate Subject: *.freetls.fastly.net
Certificate Fingerprint: 13:7B:FA:B1:26:5B:96:7B:F4:C2:D9:11:1A:0B:46:9E:88:6E:6D:AF
Certificate Validity: Thu, 09 Nov 2023 23:08:33 GMT - Tue, 10 Dec 2024 23:08:32 GMT
File type: Web Open Font Format (Version 2), TrueType, length 75488, version 1.66
Hash: c094813cfe6be5d188f4e506b6ffca1b 2b041388298e3ac01e4b3ecbdf09214cabe0eefe fdf0e3938479eb6e108e7869436051b7072b9a18ecb98b3c6b49d1b29d8bc758
GET /8.2.2/fonts/circular-bold.woff2 HTTP/1.1
Host: sp-bootstrap.global.ssl.fastly.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://spotify.nethottrading.com
DNT: 1
Connection: keep-alive
Referer: https://spotify.nethottrading.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 75488
Cache-Control: private, max-age=0
Last-Modified: Mon, 21 Mar 2022 12:56:10 GMT
ETag: "c094813cfe6be5d188f4e506b6ffca1b"
x-goog-generation: 1647867370103079
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 75488
x-amz-meta-goog-reserved-file-mtime: 1520364386
Content-Type: font/woff2
x-amz-checksum-crc32c: c0lRgg==
Accept-Ranges: bytes
Age: 1402561
Date: Sat, 27 Apr 2024 00:03:16 GMT
X-Served-By: cache-chi-klot8100142-CHI, cache-hel1410026-HEL
X-Cache: HIT, HIT
X-Cache-Hits: 10, 0
Access-Control-Allow-Origin: *
|
|
| sp-bootstrap.global.ssl.fastly.net/8.2.2/fonts/circular-black.woff2 | 151.101.193.194 | 200 OK | 74 kB |
URL: GET HTTP/1.1 sp-bootstrap.global.ssl.fastly.net/8.2.2/fonts/circular-black.woff2
IP: 151.101.193.194:443
Requested by: https://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing.php?SessionID-xb=.=.._.711b6336e6330a7d0f3553409a4d134d.=.
Certificate Issuer: GlobalSign nv-sa
Certificate Subject: *.freetls.fastly.net
Certificate Fingerprint: 13:7B:FA:B1:26:5B:96:7B:F4:C2:D9:11:1A:0B:46:9E:88:6E:6D:AF
Certificate Validity: Thu, 09 Nov 2023 23:08:33 GMT - Tue, 10 Dec 2024 23:08:32 GMT
File type: Web Open Font Format (Version 2), TrueType, length 73892, version 1.66
Hash: 56b510f616f840ffde8f3955349a6c5a ae28fec7deef4a59127d910daca6020d5f465c54 d77456e48416e475066a580b2050cee4f86a3819556d0ddf90d81250f3af9de2
GET /8.2.2/fonts/circular-black.woff2 HTTP/1.1
Host: sp-bootstrap.global.ssl.fastly.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://spotify.nethottrading.com
DNT: 1
Connection: keep-alive
Referer: https://spotify.nethottrading.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 73892
Cache-Control: private, max-age=0
Last-Modified: Mon, 21 Mar 2022 12:56:10 GMT
ETag: "56b510f616f840ffde8f3955349a6c5a"
x-goog-generation: 1647867370084063
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 73892
x-amz-meta-goog-reserved-file-mtime: 1520364386
Content-Type: font/woff2
x-amz-checksum-crc32c: gPhk7g==
Accept-Ranges: bytes
Age: 16917
Date: Sat, 27 Apr 2024 00:03:16 GMT
X-Served-By: cache-chi-kigq8000091-CHI, cache-hel1410026-HEL
X-Cache: MISS, HIT
X-Cache-Hits: 0, 0
Access-Control-Allow-Origin: *
|
|
| sp-bootstrap.global.ssl.fastly.net/8.2.2/images/flags/us.svg | 151.101.193.194 | 200 OK | 615 B |
URL: GET HTTP/1.1 sp-bootstrap.global.ssl.fastly.net/8.2.2/images/flags/us.svg
IP: 151.101.193.194:443
Requested by: https://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing.php?SessionID-xb=.=.._.711b6336e6330a7d0f3553409a4d134d.=.
Certificate Issuer: GlobalSign nv-sa
Certificate Subject: *.freetls.fastly.net
Certificate Fingerprint: 13:7B:FA:B1:26:5B:96:7B:F4:C2:D9:11:1A:0B:46:9E:88:6E:6D:AF
Certificate Validity: Thu, 09 Nov 2023 23:08:33 GMT - Tue, 10 Dec 2024 23:08:32 GMT
File type: SVG Scalable Vector Graphics image
Hash: cfa4add35aee59ce8a1a8a0d6432ff75 50acfbe9901041a7617dd963d38befba2341e84d 4f1bcb5212b33f8a26d734cc11383529bee84b4a70dce1d6c6c0385997e906b6
GET /8.2.2/images/flags/us.svg HTTP/1.1
Host: sp-bootstrap.global.ssl.fastly.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spotify.nethottrading.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 615
Cache-Control: private, max-age=0
Last-Modified: Mon, 21 Mar 2022 12:56:12 GMT
ETag: "cfa4add35aee59ce8a1a8a0d6432ff75"
x-goog-generation: 1647867372576078
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 4488
x-amz-meta-goog-reserved-file-mtime: 1520364386
Content-Type: image/svg+xml
x-amz-checksum-crc32c: 4b7+DA==
Content-Encoding: gzip
Accept-Ranges: bytes
Age: 1774786
Date: Sat, 27 Apr 2024 00:03:16 GMT
X-Served-By: cache-chi-kigq8000040-CHI, cache-hel1410024-HEL
X-Cache: HIT, HIT
X-Cache-Hits: 660, 0
Access-Control-Allow-Origin: *
|
|
| www.googletagmanager.com/a?id=GTM-P9JKJ53&cv=603&v=t&n=ga&s=h1&h=669&p=ga&o=2000&l=664&sr=0.050000&ps=0.02126232265395911&cb=1304546409 | 142.250.74.168 | 400 Bad Request | 1.6 kB |
URL GET HTTP/3www.googletagmanager.com/a?id=GTM-P9JKJ53&cv=603&v=t&n=ga&s=h1&h=669&p=ga&o=2000&l=664&sr=0.050000&ps=0.02126232265395911&cb=1304546409 IP142.250.74.168:443
Requested byhttps://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing.php?SessionID-xb=.=.._.711b6336e6330a7d0f3553409a4d134d.=. CertificateIssuerGoogle Trust Services LLC Subject*.google-analytics.com FingerprintFC:B1:16:E0:D8:F3:2B:F3:AB:33:E5:E1:23:57:F4:48:66:FD:4D:52 ValidityMon, 08 Apr 2024 06:34:55 GMT - Mon, 01 Jul 2024 06:34:54 GMT
File typeHTML document, Unicode text, UTF-8 text, with very long lines (1136) Hashfbe36eb2eecf1b90451a3a72701e49d2 ae56ea57c52d1153cec33cef91cf935d2d3af14d e8f2ded5d74c0ee5f427a20b6715e65bc79ed5c4fc67fb00d89005515c8efe63
GET /a?id=GTM-P9JKJ53&cv=603&v=t&n=ga&s=h1&h=669&p=ga&o=2000&l=664&sr=0.050000&ps=0.02126232265395911&cb=1304546409 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spotify.nethottrading.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 400 Bad Request
date: Sat, 27 Apr 2024 00:03:17 GMT
content-type: text/html; charset=UTF-8
server: Google Tag Manager
content-length: 1555
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/account-bb92d6d161.js.download | 162.210.98.102 | 200 OK | 96 kB |
URL GET HTTP/3spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/account-bb92d6d161.js.download IP162.210.98.102:443
Requested byhttps://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing.php?SessionID-xb=.=.._.711b6336e6330a7d0f3553409a4d134d.=. CertificateIssuercPanel, Inc. Subjectspotify.nethottrading.com Fingerprint5E:B9:6C:31:37:46:A5:C1:38:8C:62:41:E7:1F:9C:7F:E5:0F:3E:09 ValidityFri, 26 Apr 2024 00:00:00 GMT - Thu, 25 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (32110) Hash641c3f0c5162c369f8b766d7161002f5 5ba0b838fedfe40c3db37fa3e437c98a6bd21e9c 1dd170494729c447e302d97573952ce2f9240828667077002a33659cbd630515
Analyzer | Verdict | Alert | OpenPhish | phishing | Spotify |
GET /1a01b27006c67fa43567355b4b3568b3/billing_files/account-bb92d6d161.js.download HTTP/1.1
Host: spotify.nethottrading.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing.php?SessionID-xb=.=.._.711b6336e6330a7d0f3553409a4d134d.=.
Cookie: PHPSESSID=714f66eeb897a9ea2eb2e669fffb350a
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/octet-stream
last-modified: Fri, 26 Apr 2024 19:15:06 GMT
accept-ranges: bytes
content-length: 96143
date: Sat, 27 Apr 2024 00:03:16 GMT
server: LiteSpeed
|
|
| spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/bon-32c3a6a7e1.js.download | 162.210.98.102 | 200 OK | 1.0 kB |
URL GET HTTP/3spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/bon-32c3a6a7e1.js.download IP162.210.98.102:443
Requested byhttps://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing.php?SessionID-xb=.=.._.711b6336e6330a7d0f3553409a4d134d.=. CertificateIssuercPanel, Inc. Subjectspotify.nethottrading.com Fingerprint5E:B9:6C:31:37:46:A5:C1:38:8C:62:41:E7:1F:9C:7F:E5:0F:3E:09 ValidityFri, 26 Apr 2024 00:00:00 GMT - Thu, 25 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (993) Hash89a28682365454f62428cee509e5b7aa 987a4b9dd3236b873e2f28e2479bccfb694df2d9 f11d7d6ed5c317cc6a3b7d5fd4a39074d85755b62e8c4b89ad14f17543228f58
Analyzer | Verdict | Alert | OpenPhish | phishing | Spotify |
GET /1a01b27006c67fa43567355b4b3568b3/billing_files/bon-32c3a6a7e1.js.download HTTP/1.1
Host: spotify.nethottrading.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing.php?SessionID-xb=.=.._.711b6336e6330a7d0f3553409a4d134d.=.
Cookie: PHPSESSID=714f66eeb897a9ea2eb2e669fffb350a
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/octet-stream
last-modified: Fri, 26 Apr 2024 19:15:06 GMT
accept-ranges: bytes
content-length: 1037
date: Sat, 27 Apr 2024 00:03:16 GMT
server: LiteSpeed
|
|
| spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/vt-150.js.download | 162.210.98.102 | 200 OK | 13 kB |
URL GET HTTP/3spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/vt-150.js.download IP162.210.98.102:443
Requested byhttps://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing.php?SessionID-xb=.=.._.711b6336e6330a7d0f3553409a4d134d.=. CertificateIssuercPanel, Inc. Subjectspotify.nethottrading.com Fingerprint5E:B9:6C:31:37:46:A5:C1:38:8C:62:41:E7:1F:9C:7F:E5:0F:3E:09 ValidityFri, 26 Apr 2024 00:00:00 GMT - Thu, 25 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (8026) Hashfef36fc76978876b1322842632d25558 22c1ba21d721d91f0ba37d83afe771211272c3fe a82aced2748c469291c626a24f701f5e1230435f3e59576257bf87b287295f7c
Analyzer | Verdict | Alert | OpenPhish | phishing | Spotify |
GET /1a01b27006c67fa43567355b4b3568b3/billing_files/vt-150.js.download HTTP/1.1
Host: spotify.nethottrading.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing.php?SessionID-xb=.=.._.711b6336e6330a7d0f3553409a4d134d.=.
Cookie: PHPSESSID=714f66eeb897a9ea2eb2e669fffb350a
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/octet-stream
last-modified: Fri, 26 Apr 2024 19:15:06 GMT
accept-ranges: bytes
content-length: 12940
date: Sat, 27 Apr 2024 00:03:16 GMT
server: LiteSpeed
|
|
| spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/analytics.js.download | 162.210.98.102 | 200 OK | 36 kB |
URL GET HTTP/3spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/analytics.js.download IP162.210.98.102:443
Requested byhttps://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing.php?SessionID-xb=.=.._.711b6336e6330a7d0f3553409a4d134d.=. CertificateIssuercPanel, Inc. Subjectspotify.nethottrading.com Fingerprint5E:B9:6C:31:37:46:A5:C1:38:8C:62:41:E7:1F:9C:7F:E5:0F:3E:09 ValidityFri, 26 Apr 2024 00:00:00 GMT - Thu, 25 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (1952) Hashde39a19dfc75359d8eb0727ce0fa486b 85f77da7711ac89a15348be015119ed2d496b080 f8ef655ef916e39713ede9c6db56d7ca5618bd82cf5ac991dcd013f05e0fdfc7
Analyzer | Verdict | Alert | OpenPhish | phishing | Spotify |
GET /1a01b27006c67fa43567355b4b3568b3/billing_files/analytics.js.download HTTP/1.1
Host: spotify.nethottrading.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing.php?SessionID-xb=.=.._.711b6336e6330a7d0f3553409a4d134d.=.
Cookie: PHPSESSID=714f66eeb897a9ea2eb2e669fffb350a
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/octet-stream
last-modified: Fri, 26 Apr 2024 19:15:06 GMT
accept-ranges: bytes
content-length: 35943
date: Sat, 27 Apr 2024 00:03:16 GMT
server: LiteSpeed
|
|
| spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/spweb-site-efa1133a2d.min.js.download | 162.210.98.102 | 200 OK | 105 kB |
URL GET HTTP/3spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/spweb-site-efa1133a2d.min.js.download IP162.210.98.102:443
Requested byhttps://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing.php?SessionID-xb=.=.._.711b6336e6330a7d0f3553409a4d134d.=. CertificateIssuercPanel, Inc. Subjectspotify.nethottrading.com Fingerprint5E:B9:6C:31:37:46:A5:C1:38:8C:62:41:E7:1F:9C:7F:E5:0F:3E:09 ValidityFri, 26 Apr 2024 00:00:00 GMT - Thu, 25 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (32045) Size105 kB (104937 bytes) Hash77354b997addba29ac951b0477b2ad4a 7b2a7a115d01ef5b7cd6f9d496c3b861953194fb 697fc56c65af32536c2064f742a94c33868b495537236c3d0cea3b774b6f06d9
Analyzer | Verdict | Alert | OpenPhish | phishing | Spotify |
GET /1a01b27006c67fa43567355b4b3568b3/billing_files/spweb-site-efa1133a2d.min.js.download HTTP/1.1
Host: spotify.nethottrading.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing.php?SessionID-xb=.=.._.711b6336e6330a7d0f3553409a4d134d.=.
Cookie: PHPSESSID=714f66eeb897a9ea2eb2e669fffb350a
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/octet-stream
last-modified: Fri, 26 Apr 2024 19:15:07 GMT
accept-ranges: bytes
content-length: 104937
date: Sat, 27 Apr 2024 00:03:16 GMT
server: LiteSpeed
|
|
| pixel.spotify.com/v2/sync?ce=1&pp= | 35.186.224.25 | 200 OK | 41 B |
URL GET HTTP/3pixel.spotify.com/v2/sync?ce=1&pp= IP35.186.224.25:443
Requested byhttps://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing.php?SessionID-xb=.=.._.711b6336e6330a7d0f3553409a4d134d.=. CertificateIssuerDigiCert Inc Subject*.spotify.com Fingerprint69:2B:36:29:F0:B5:FC:1B:A3:57:A6:76:E6:92:EF:30:14:22:34:6A ValidityMon, 05 Feb 2024 00:00:00 GMT - Tue, 04 Feb 2025 23:59:59 GMT
Hash01d2b27283c411b7dcd64e51a0cf4395 4188f57e816f35f0c6c163e8c0580da3aad3acf8 c8605f6fa6cc0003eceefe827d66e5938b74afd51cbf5319c2917f739277e89a
GET /v2/sync?ce=1&pp= HTTP/1.1
Host: pixel.spotify.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://spotify.nethottrading.com
DNT: 1
Connection: keep-alive
Referer: https://spotify.nethottrading.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/json
cache-control: private, max-age=0
access-control-allow-origin: https://spotify.nethottrading.com
vary: origin
access-control-allow-credentials: true
content-encoding: gzip
content-length: 41
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Sat, 27 Apr 2024 00:03:16 GMT
server: envoy
via: HTTP/2 edgeproxy, 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| www.scdn.co/i/_global/touch-icon-144.png | 151.101.238.248 | 200 OK | 4.8 kB |
URL GET HTTP/1.1www.scdn.co/i/_global/touch-icon-144.png IP151.101.238.248:443
Requested byhttps://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing.php?SessionID-xb=.=.._.711b6336e6330a7d0f3553409a4d134d.=. CertificateIssuerGlobalSign nv-sa Subject*.scdn.co Fingerprint96:08:82:C2:CB:0C:82:BD:0A:EA:18:76:73:89:54:F3:EC:97:D3:1C ValidityTue, 09 Apr 2024 09:05:08 GMT - Sun, 11 May 2025 09:05:07 GMT
File typePNG image data, 144 x 144, 8-bit/color RGB, non-interlaced Hashff2831d235fec7c02db449621525990e ac0c4c81a0267d8d841ae9525ea230c51a891baa 0d25218c1914875469ecbd168fdddbba2feb01bf5dead8c5836b6c375ea85d45
GET /i/_global/touch-icon-144.png HTTP/1.1
Host: www.scdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spotify.nethottrading.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 4776
Last-Modified: Fri, 09 Dec 2022 09:15:45 GMT
ETag: "ff2831d235fec7c02db449621525990e"
x-goog-generation: 1670577344886845
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 4776
x-amz-meta-goog-reserved-file-mtime: 1670576184
Content-Type: image/png
x-amz-checksum-crc32c: wcQOyQ==
Accept-Ranges: bytes
Date: Sat, 27 Apr 2024 00:03:17 GMT
Age: 1963690
Timing-Allow-Origin: *
X-Served-By: cache-chi-klot8100020-CHI, cache-osl6520-OSL
X-Cache: HIT, HIT
X-Cache-Hits: 1774, 242
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
|
|
| www.scdn.co/i/_global/favicon.png | 151.101.238.248 | 200 OK | 3.6 kB |
URL GET HTTP/1.1www.scdn.co/i/_global/favicon.png IP151.101.238.248:443
Requested byhttps://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing.php?SessionID-xb=.=.._.711b6336e6330a7d0f3553409a4d134d.=. CertificateIssuerGlobalSign nv-sa Subject*.scdn.co Fingerprint96:08:82:C2:CB:0C:82:BD:0A:EA:18:76:73:89:54:F3:EC:97:D3:1C ValidityTue, 09 Apr 2024 09:05:08 GMT - Sun, 11 May 2025 09:05:07 GMT
File typePNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced Hash326dfa6c84225dfca443693e985fdaab 5a8971cb61bcdae6431abbba6d5a79cefc7d2d45 0c7ee91862c795f69147f2174a919b1303dd28ce8ceccabe3f50ae219bfb01b7
GET /i/_global/favicon.png HTTP/1.1
Host: www.scdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spotify.nethottrading.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 3646
Last-Modified: Fri, 09 Dec 2022 09:15:44 GMT
ETag: "326dfa6c84225dfca443693e985fdaab"
x-goog-generation: 1670577344003625
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 3646
x-amz-meta-goog-reserved-file-mtime: 1670576184
Content-Type: image/png
x-amz-checksum-crc32c: iuRMew==
Accept-Ranges: bytes
Date: Sat, 27 Apr 2024 00:03:17 GMT
Age: 1826444
Timing-Allow-Origin: *
X-Served-By: cache-chi-klot8100076-CHI, cache-osl6520-OSL
X-Cache: HIT, HIT
X-Cache-Hits: 5117, 1494
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
|
|
| d2oh4tlt9mrke9.cloudfront.net/Record/js/sessioncam.recorder.js | 143.204.42.150 | 200 OK | 169 B |
URL GET HTTP/1.1d2oh4tlt9mrke9.cloudfront.net/Record/js/sessioncam.recorder.js IP143.204.42.150:443
Requested byhttps://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing.php?SessionID-xb=.=.._.711b6336e6330a7d0f3553409a4d134d.=. CertificateIssuerAmazon Subject*.cloudfront.net FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52 ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
Hash5717f0c65b6c1db2c16049daf3a8570f 6cff4b9e363d597dc223e2615605175b15181e7c 99c7ea75e577945ad7a955f64ee53db86cad30a488c34306d6ec0788fe4fe03d
GET /Record/js/sessioncam.recorder.js HTTP/1.1
Host: d2oh4tlt9mrke9.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spotify.nethottrading.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 169
Connection: keep-alive
Date: Fri, 26 Apr 2024 17:36:36 GMT
Last-Modified: Tue, 09 May 2023 06:44:09 GMT
ETag: "d72d9f955f73ac4670c04333f9c658be"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=43200
Content-Encoding: gzip
x-amz-version-id: 4LJ4mpDpZkeeFIyRkOV.KwIO3JkaD2_i
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: NrW2X0C_A9CM9shuH8z4dps6WK_2aAPz7zqV__VWnB9hRe-NfVhpvQ==
Age: 23202
|
|
| spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/activityi.html | 162.210.98.102 | 200 OK | 1.2 kB |
URL GET HTTP/3spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/activityi.html IP162.210.98.102:443
Requested byhttps://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing.php?SessionID-xb=.=.._.711b6336e6330a7d0f3553409a4d134d.=. CertificateIssuercPanel, Inc. Subjectspotify.nethottrading.com Fingerprint5E:B9:6C:31:37:46:A5:C1:38:8C:62:41:E7:1F:9C:7F:E5:0F:3E:09 ValidityFri, 26 Apr 2024 00:00:00 GMT - Thu, 25 Jul 2024 23:59:59 GMT
File typeHTML document, ASCII text, with very long lines (886) Hash0d832a9f99e2ad289b58c4e80239f8cb 78fd4155e9b569c2528ec2ed5db83007d429be7e a0862da359a3e1776a47a1885725cf0c63886e0cde6e7b3536c2d2f7b902b50d
Analyzer | Verdict | Alert | OpenPhish | phishing | Spotify |
GET /1a01b27006c67fa43567355b4b3568b3/billing_files/activityi.html HTTP/1.1
Host: spotify.nethottrading.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing.php?SessionID-xb=.=.._.711b6336e6330a7d0f3553409a4d134d.=.
Cookie: sss=1; PHPSESSID=714f66eeb897a9ea2eb2e669fffb350a; _ga=GA1.2.1097178279.1714176196; _gid=GA1.2.1227665074.1714176196; sc.ASP.NET_SESSIONID=nrieiiimnpayk2gp5jp5vaqp; spAnalytics_id=eyJkZXZpY2VJZCI6ImRjODYzYjY2ODA1MjM2YmYxMjg5YmUxMGI0MGVlMzQxIiwidXNlcklkIjpudWxsfQ==; __bon=MTY0YzE2YjhhMzlkZjQzYjU2ZmQ3ODhlNDNmNDM4NzI0MjcwMDI4MzAxYmVhMzI1ZjZkNTBlNGNkMDNmMWYwN3xvak1QYjdvd2JSWE1HZ2hlc1c5Y3FYY3kvTEJnbnc0MkxLK1NEUElwbFJiaHhiWjV5N1N4WUpNQmQyR3ppWXFMSHN1YkFaZlFNU1pFbkQ3bnZ3VXgySlZQMGJyZ3phbWFWaGtMWUE0bjZGSitvSHZ2OXgyOVRYOWRTc0FCRzVLTTRUTDV6cDlXYlF5NnFVaXVweGNqVkp3TUp1NlZqQ25qbnZkN2JzMVp5MkRCWFp2NzFNZmc4bWZVUGFITFp1VHBUZU8vMVNnTnJlR1VWUXBqSWFxUHFDaU9OeVF4K1lOaHhTeS9SU0xsbTc3QS9wNlFrT1M4WGZ5ZkZrUmVaMEVBfDE1MjMwNjE5NTl8NzIzOTQ3NDc0fDMwNDA1NzkzOTA4fDF8MXwxfDA=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: text/html
last-modified: Fri, 26 Apr 2024 19:15:07 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1195
date: Sat, 27 Apr 2024 00:03:17 GMT
server: LiteSpeed
|
|
| spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/bat.js.download | 162.210.98.102 | 200 OK | 14 kB |
URL GET HTTP/3spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/bat.js.download IP162.210.98.102:443
Requested byhttps://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/activityi.html CertificateIssuercPanel, Inc. Subjectspotify.nethottrading.com Fingerprint5E:B9:6C:31:37:46:A5:C1:38:8C:62:41:E7:1F:9C:7F:E5:0F:3E:09 ValidityFri, 26 Apr 2024 00:00:00 GMT - Thu, 25 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (14093), with no line terminators Hashcd1552483a0c0341e397ffb9b9a1905b 53a7a70063695eedf8a2fccb01225b39f5a50cd0 8f664e230aa5f9c01e7759b2762c67627c3349d02d199654162b35ab14b641aa
Analyzer | Verdict | Alert | OpenPhish | phishing | Spotify |
GET /1a01b27006c67fa43567355b4b3568b3/billing_files/bat.js.download HTTP/1.1
Host: spotify.nethottrading.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/activityi.html
Cookie: sss=1; PHPSESSID=714f66eeb897a9ea2eb2e669fffb350a; _ga=GA1.2.1097178279.1714176196; _gid=GA1.2.1227665074.1714176196; sc.ASP.NET_SESSIONID=nrieiiimnpayk2gp5jp5vaqp; spAnalytics_id=eyJkZXZpY2VJZCI6ImRjODYzYjY2ODA1MjM2YmYxMjg5YmUxMGI0MGVlMzQxIiwidXNlcklkIjpudWxsfQ==; __bon=MTY0YzE2YjhhMzlkZjQzYjU2ZmQ3ODhlNDNmNDM4NzI0MjcwMDI4MzAxYmVhMzI1ZjZkNTBlNGNkMDNmMWYwN3xvak1QYjdvd2JSWE1HZ2hlc1c5Y3FYY3kvTEJnbnc0MkxLK1NEUElwbFJiaHhiWjV5N1N4WUpNQmQyR3ppWXFMSHN1YkFaZlFNU1pFbkQ3bnZ3VXgySlZQMGJyZ3phbWFWaGtMWUE0bjZGSitvSHZ2OXgyOVRYOWRTc0FCRzVLTTRUTDV6cDlXYlF5NnFVaXVweGNqVkp3TUp1NlZqQ25qbnZkN2JzMVp5MkRCWFp2NzFNZmc4bWZVUGFITFp1VHBUZU8vMVNnTnJlR1VWUXBqSWFxUHFDaU9OeVF4K1lOaHhTeS9SU0xsbTc3QS9wNlFrT1M4WGZ5ZkZrUmVaMEVBfDE1MjMwNjE5NTl8NzIzOTQ3NDc0fDMwNDA1NzkzOTA4fDF8MXwxfDA=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/octet-stream
last-modified: Fri, 26 Apr 2024 19:15:06 GMT
accept-ranges: bytes
content-length: 14093
date: Sat, 27 Apr 2024 00:03:17 GMT
server: LiteSpeed
|
|
| spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/conversion.js.download | 162.210.98.102 | 200 OK | 20 kB |
URL GET HTTP/3spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/conversion.js.download IP162.210.98.102:443
Requested byhttps://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/activityi.html CertificateIssuercPanel, Inc. Subjectspotify.nethottrading.com Fingerprint5E:B9:6C:31:37:46:A5:C1:38:8C:62:41:E7:1F:9C:7F:E5:0F:3E:09 ValidityFri, 26 Apr 2024 00:00:00 GMT - Thu, 25 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (1475) Hash91d43ac0118a161fb9346c74edc45907 8baa1d5714d29187e84c34a06e9e4eaae70cac32 5f40f242ba4abae38d59c08bcd3605b27aba6f8314b3fa7d83fce9ee46bd9797
Analyzer | Verdict | Alert | OpenPhish | phishing | Spotify |
GET /1a01b27006c67fa43567355b4b3568b3/billing_files/conversion.js.download HTTP/1.1
Host: spotify.nethottrading.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/activityi.html
Cookie: sss=1; PHPSESSID=714f66eeb897a9ea2eb2e669fffb350a; _ga=GA1.2.1097178279.1714176196; _gid=GA1.2.1227665074.1714176196; sc.ASP.NET_SESSIONID=nrieiiimnpayk2gp5jp5vaqp; spAnalytics_id=eyJkZXZpY2VJZCI6ImRjODYzYjY2ODA1MjM2YmYxMjg5YmUxMGI0MGVlMzQxIiwidXNlcklkIjpudWxsfQ==; __bon=MTY0YzE2YjhhMzlkZjQzYjU2ZmQ3ODhlNDNmNDM4NzI0MjcwMDI4MzAxYmVhMzI1ZjZkNTBlNGNkMDNmMWYwN3xvak1QYjdvd2JSWE1HZ2hlc1c5Y3FYY3kvTEJnbnc0MkxLK1NEUElwbFJiaHhiWjV5N1N4WUpNQmQyR3ppWXFMSHN1YkFaZlFNU1pFbkQ3bnZ3VXgySlZQMGJyZ3phbWFWaGtMWUE0bjZGSitvSHZ2OXgyOVRYOWRTc0FCRzVLTTRUTDV6cDlXYlF5NnFVaXVweGNqVkp3TUp1NlZqQ25qbnZkN2JzMVp5MkRCWFp2NzFNZmc4bWZVUGFITFp1VHBUZU8vMVNnTnJlR1VWUXBqSWFxUHFDaU9OeVF4K1lOaHhTeS9SU0xsbTc3QS9wNlFrT1M4WGZ5ZkZrUmVaMEVBfDE1MjMwNjE5NTl8NzIzOTQ3NDc0fDMwNDA1NzkzOTA4fDF8MXwxfDA=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/octet-stream
last-modified: Fri, 26 Apr 2024 19:15:06 GMT
accept-ranges: bytes
content-length: 20223
date: Sat, 27 Apr 2024 00:03:17 GMT
server: LiteSpeed
|
|
| spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/0 | 162.210.98.102 | 200 OK | 0 B |
URL GET HTTP/3spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/0 IP162.210.98.102:443
Requested byhttps://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/activityi.html CertificateIssuercPanel, Inc. Subjectspotify.nethottrading.com Fingerprint5E:B9:6C:31:37:46:A5:C1:38:8C:62:41:E7:1F:9C:7F:E5:0F:3E:09 ValidityFri, 26 Apr 2024 00:00:00 GMT - Thu, 25 Jul 2024 23:59:59 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | OpenPhish | phishing | Spotify |
GET /1a01b27006c67fa43567355b4b3568b3/billing_files/0 HTTP/1.1
Host: spotify.nethottrading.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/activityi.html
Cookie: sss=1; PHPSESSID=714f66eeb897a9ea2eb2e669fffb350a; _ga=GA1.2.1097178279.1714176196; _gid=GA1.2.1227665074.1714176196; sc.ASP.NET_SESSIONID=nrieiiimnpayk2gp5jp5vaqp; spAnalytics_id=eyJkZXZpY2VJZCI6ImRjODYzYjY2ODA1MjM2YmYxMjg5YmUxMGI0MGVlMzQxIiwidXNlcklkIjpudWxsfQ==; __bon=MTY0YzE2YjhhMzlkZjQzYjU2ZmQ3ODhlNDNmNDM4NzI0MjcwMDI4MzAxYmVhMzI1ZjZkNTBlNGNkMDNmMWYwN3xvak1QYjdvd2JSWE1HZ2hlc1c5Y3FYY3kvTEJnbnc0MkxLK1NEUElwbFJiaHhiWjV5N1N4WUpNQmQyR3ppWXFMSHN1YkFaZlFNU1pFbkQ3bnZ3VXgySlZQMGJyZ3phbWFWaGtMWUE0bjZGSitvSHZ2OXgyOVRYOWRTc0FCRzVLTTRUTDV6cDlXYlF5NnFVaXVweGNqVkp3TUp1NlZqQ25qbnZkN2JzMVp5MkRCWFp2NzFNZmc4bWZVUGFITFp1VHBUZU8vMVNnTnJlR1VWUXBqSWFxUHFDaU9OeVF4K1lOaHhTeS9SU0xsbTc3QS9wNlFrT1M4WGZ5ZkZrUmVaMEVBfDE1MjMwNjE5NTl8NzIzOTQ3NDc0fDMwNDA1NzkzOTA4fDF8MXwxfDA=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
last-modified: Fri, 26 Apr 2024 19:15:06 GMT
accept-ranges: bytes
content-length: 0
date: Sat, 27 Apr 2024 00:03:17 GMT
server: LiteSpeed
|
|
| spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/0 | 162.210.98.102 | 200 OK | 0 B |
URL GET HTTP/3spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/0 IP162.210.98.102:443
Requested byhttps://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/activityi.html CertificateIssuercPanel, Inc. Subjectspotify.nethottrading.com Fingerprint5E:B9:6C:31:37:46:A5:C1:38:8C:62:41:E7:1F:9C:7F:E5:0F:3E:09 ValidityFri, 26 Apr 2024 00:00:00 GMT - Thu, 25 Jul 2024 23:59:59 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | OpenPhish | phishing | Spotify |
GET /1a01b27006c67fa43567355b4b3568b3/billing_files/0 HTTP/1.1
Host: spotify.nethottrading.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/activityi.html
Cookie: sss=1; PHPSESSID=714f66eeb897a9ea2eb2e669fffb350a; _ga=GA1.2.1097178279.1714176196; _gid=GA1.2.1227665074.1714176196; sc.ASP.NET_SESSIONID=nrieiiimnpayk2gp5jp5vaqp; spAnalytics_id=eyJkZXZpY2VJZCI6ImRjODYzYjY2ODA1MjM2YmYxMjg5YmUxMGI0MGVlMzQxIiwidXNlcklkIjpudWxsfQ==; __bon=MTY0YzE2YjhhMzlkZjQzYjU2ZmQ3ODhlNDNmNDM4NzI0MjcwMDI4MzAxYmVhMzI1ZjZkNTBlNGNkMDNmMWYwN3xvak1QYjdvd2JSWE1HZ2hlc1c5Y3FYY3kvTEJnbnc0MkxLK1NEUElwbFJiaHhiWjV5N1N4WUpNQmQyR3ppWXFMSHN1YkFaZlFNU1pFbkQ3bnZ3VXgySlZQMGJyZ3phbWFWaGtMWUE0bjZGSitvSHZ2OXgyOVRYOWRTc0FCRzVLTTRUTDV6cDlXYlF5NnFVaXVweGNqVkp3TUp1NlZqQ25qbnZkN2JzMVp5MkRCWFp2NzFNZmc4bWZVUGFITFp1VHBUZU8vMVNnTnJlR1VWUXBqSWFxUHFDaU9OeVF4K1lOaHhTeS9SU0xsbTc3QS9wNlFrT1M4WGZ5ZkZrUmVaMEVBfDE1MjMwNjE5NTl8NzIzOTQ3NDc0fDMwNDA1NzkzOTA4fDF8MXwxfDA=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
last-modified: Fri, 26 Apr 2024 19:15:06 GMT
accept-ranges: bytes
content-length: 0
date: Sat, 27 Apr 2024 00:03:17 GMT
server: LiteSpeed
|
|
| bat.bing.com/bat.js | 13.107.21.237 | 200 OK | 13 kB |
IP13.107.21.237:443 ASN#8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested byhttps://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/activityi.html CertificateIssuerMicrosoft Corporation Subjectwww.bing.com Fingerprint2B:CE:FC:A9:73:41:A3:66:C2:43:6D:7A:76:00:0C:F2:74:08:13:99 ValidityThu, 25 Apr 2024 02:03:31 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (46429), with no line terminators Hash72bca04fd669eb89fc65d59052d0fc00 27e60aef86f0cb1b2f6b6ed9df9a4e3ba88efd21 823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721
GET /bat.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spotify.nethottrading.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: private,max-age=1800
content-length: 13261
content-type: application/javascript
content-encoding: gzip
last-modified: Thu, 29 Feb 2024 19:58:06 GMT
accept-ranges: bytes
etag: "01b4e9c496bda1:0"
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6FD86E94A18D42F7AA93F3E5CE980CD9 Ref B: OSL30EDGE0112 Ref C: 2024-04-27T00:03:17Z
date: Sat, 27 Apr 2024 00:03:16 GMT
X-Firefox-Spdy: h2
|
|
| bat.bing.com/p/action/5489004.js | 13.107.21.237 | 204 No Content | 0 B |
URL GET HTTP/2bat.bing.com/p/action/5489004.js IP13.107.21.237:443 ASN#8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested byhttps://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/activityi.html CertificateIssuerMicrosoft Corporation Subjectwww.bing.com Fingerprint2B:CE:FC:A9:73:41:A3:66:C2:43:6D:7A:76:00:0C:F2:74:08:13:99 ValidityThu, 25 Apr 2024 02:03:31 GMT - Thu, 27 Jun 2024 23:59:59 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p/action/5489004.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spotify.nethottrading.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
cache-control: private,max-age=1800
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: AD19F1018D054FA9A381D0782D5E7B55 Ref B: OSL30EDGE0112 Ref C: 2024-04-27T00:03:17Z
date: Sat, 27 Apr 2024 00:03:16 GMT
X-Firefox-Spdy: h2
|
|
| bat.bing.com/action/0?ti=5489004&Ver=2&mid=f3e8d0aa-ea0e-4724-8084-ddf1bab5751a&sid=8cf0b0a0042911ef81b4f5ba9d58e78d&vid=8cf0a950042911ef93207d364d58c4c6&vids=1&msclkid=N&pi=918639831&lg=en-US&sw=1280&sh=1024&sc=24&p=https%3A%2F%2Fspotify.nethottrading.com%2F1a01b27006c67fa43567355b4b3568b3%2Fbilling.php%3FSessionID-xb%3D.%3D.._.711b6336e6330a7d0f3553409a4d134d.%3D.&r=&lt=285&evt=pageLoad&ifm=1&sv=1&rn=668682 | 13.107.21.237 | 204 No Content | 0 B |
URL: GET HTTP/2 bat.bing.com/action/0?ti=5489004&Ver=2&mid=f3e8d0aa-ea0e-4724-8084-ddf1bab5751a&sid=8cf0b0a0042911ef81b4f5ba9d58e78d&vid=8cf0a950042911ef93207d364d58c4c6&vids=1&msclkid=N&pi=918639831&lg=en-US&sw=1280&sh=1024&sc=24&p=https%3A%2F%2Fspotify.nethottrading.com%2F1a01b27006c67fa43567355b4b3568b3%2Fbilling.php%3FSessionID-xb%3D.%3D.._.711b6336e6330a7d0f3553409a4d134d.%3D.&r=&lt=285&evt=pageLoad&ifm=1&sv=1&rn=668682 IP: 13.107.21.237:443 ASN: #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/activityi.html Certificate Issuer: Microsoft Corporation Subject: www.bing.com Fingerprint: 2B:CE:FC:A9:73:41:A3:66:C2:43:6D:7A:76:00:0C:F2:74:08:13:99 Validity: Thu, 25 Apr 2024 02:03:31 GMT - Thu, 27 Jun 2024 23:59:59 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /action/0?ti=5489004&Ver=2&mid=f3e8d0aa-ea0e-4724-8084-ddf1bab5751a&sid=8cf0b0a0042911ef81b4f5ba9d58e78d&vid=8cf0a950042911ef93207d364d58c4c6&vids=1&msclkid=N&pi=918639831&lg=en-US&sw=1280&sh=1024&sc=24&p=https%3A%2F%2Fspotify.nethottrading.com%2F1a01b27006c67fa43567355b4b3568b3%2Fbilling.php%3FSessionID-xb%3D.%3D.._.711b6336e6330a7d0f3553409a4d134d.%3D.&r=&lt=285&evt=pageLoad&ifm=1&sv=1&rn=668682 HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spotify.nethottrading.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=16841FCC8FFB68A939E20BA28E0E6987; domain=.bing.com; expires=Thu, 22-May-2025 00:03:17 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3EBC5F4C27124568AFFD76DDA97D0858 Ref B: OSL30EDGE0112 Ref C: 2024-04-27T00:03:17Z
date: Sat, 27 Apr 2024 00:03:16 GMT
X-Firefox-Spdy: h2
|
|
| aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml | 35.244.181.201 | | 444 B |
URL: aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml IP: 35.244.181.201:0 ASN: #396982 GOOGLE-CLOUD-PLATFORM
File type: XML 1.0 document, ASCII text, with very long lines (332) Hash: 3b324dec137a87ef7e24a30a65b13dd0 c0faa95b2f1018e264b3a14aaf50d1003e6c27b3 6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463
GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-06-09-11-51-10.chain; p384ecdsa=LaIFi0t2QcJX6GDCgN-HSphdzzdyRagGLwVX4gjnHcfHb8zMAenkYg3zvhrXl95aW0_djw23vQkCz2V_FWwK2ev7Y8TvLsIeKn1ZRdvnSX0_L5Lhd2xaLCDveo4Fd1vE
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: MISS
content-encoding: gzip
via: 1.1 google
date: Sat, 27 Apr 2024 00:01:33 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 444
age: 120
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| pixel-static.spotify.com/sync.min.js | 35.186.224.25 | 200 OK | 5.6 kB |
URL: GET HTTP/2 pixel-static.spotify.com/sync.min.js IP: 35.186.224.25:443
Requested by: https://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing.php?SessionID-xb=.=.._.711b6336e6330a7d0f3553409a4d134d.=. Certificate Issuer: DigiCert Inc Subject: *.spotify.com Fingerprint: 69:2B:36:29:F0:B5:FC:1B:A3:57:A6:76:E6:92:EF:30:14:22:34:6A Validity: Mon, 05 Feb 2024 00:00:00 GMT - Tue, 04 Feb 2025 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (5769), with no line terminators Hash: edf01c446086a84cc76bbf616e34c062 041856c20502aba31d6dc2b6cc6a3dcec90e5f01 1f78b3f8ec4a0be3f765fd69806ff648a4f0fbf74349e6c1280def613bab0b60
GET /sync.min.js HTTP/1.1
Host: pixel-static.spotify.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spotify.nethottrading.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: envoy
date: Sat, 27 Apr 2024 00:03:16 GMT
content-type: application/javascript
last-modified: Tue, 03 Sep 2019 15:47:09 GMT
accept-ranges: bytes
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: gzip
vary: Accept-Encoding
via: HTTP/2 edgeproxy, 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/sp-analytics-a3e2493d01.js.download | 162.210.98.102 | 200 OK | 7.9 kB |
URL: GET HTTP/3 spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/sp-analytics-a3e2493d01.js.download IP: 162.210.98.102:443
Requested by: https://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing.php?SessionID-xb=.=.._.711b6336e6330a7d0f3553409a4d134d.=. Certificate Issuer: cPanel, Inc. Subject: spotify.nethottrading.com Fingerprint: 5E:B9:6C:31:37:46:A5:C1:38:8C:62:41:E7:1F:9C:7F:E5:0F:3E:09 Validity: Fri, 26 Apr 2024 00:00:00 GMT - Thu, 25 Jul 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (7916), with no line terminators Hash: a3e2493d0163b1885804cccd6ed32c01 0abaa81ea2e7e8eb3956a5a956eb320711a68feb bbe2679eb067e587032c562903193d04ffd692c8920830fac9570a3cbedae73a
Analyzer | Verdict | Alert | OpenPhish | phishing | Spotify |
GET /1a01b27006c67fa43567355b4b3568b3/billing_files/sp-analytics-a3e2493d01.js.download HTTP/1.1
Host: spotify.nethottrading.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing.php?SessionID-xb=.=.._.711b6336e6330a7d0f3553409a4d134d.=.
Cookie: PHPSESSID=714f66eeb897a9ea2eb2e669fffb350a
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: application/octet-stream
last-modified: Fri, 26 Apr 2024 19:15:06 GMT
accept-ranges: bytes
content-length: 7916
date: Sat, 27 Apr 2024 00:03:16 GMT
server: LiteSpeed
|
|
| spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/gtm.js.download | 162.210.98.102 | 200 OK | 134 kB |
URL: GET HTTP/3 spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing_files/gtm.js.download IP: 162.210.98.102:443
Requested by: https://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing.php?SessionID-xb=.=.._.711b6336e6330a7d0f3553409a4d134d.=. Certificate Issuer: cPanel, Inc. Subject: spotify.nethottrading.com Fingerprint: 5E:B9:6C:31:37:46:A5:C1:38:8C:62:41:E7:1F:9C:7F:E5:0F:3E:09 Validity: Fri, 26 Apr 2024 00:00:00 GMT - Thu, 25 Jul 2024 23:59:59 GMT
Size: 134 kB (134158 bytes) Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | OpenPhish | phishing | Spotify |
GET /1a01b27006c67fa43567355b4b3568b3/billing_files/gtm.js.download HTTP/1.1
Host: spotify.nethottrading.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spotify.nethottrading.com/1a01b27006c67fa43567355b4b3568b3/billing.php?SessionID-xb=.=.._.711b6336e6330a7d0f3553409a4d134d.=.
Cookie: PHPSESSID=714f66eeb897a9ea2eb2e669fffb350a
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: application/octet-stream
last-modified: Fri, 26 Apr 2024 19:15:06 GMT
accept-ranges: bytes
content-length: 134158
date: Sat, 27 Apr 2024 00:03:16 GMT
server: LiteSpeed
|
|