play.google.com
2607:f8b0:4006:816::200e
Public Scan
Effective URL: https://play.google.com/store/apps/details?id=com.zhiliaoapp.musically&hl=en&gl=US
Submission Tags: #phishing @ecarlesi
Submission: On June 29 via api from FI — Scanned from CA
Summary
TLS certificate: Issued by GTS CA 1C3 on June 6th 2022. Valid for: 3 months.
This is the only time play.google.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
| Count | IP Address | AS (Autonomous System) |
|---|---|---|
| 3 | 2606:4700:3036::6815:511f | 13335 (CLOUDFLARENET) |
| 1 | 2607:f8b0:4006:80d::200a | 15169 (GOOGLE) |
| 1 | 2607:f8b0:4006:824::2003 | 15169 (GOOGLE) |
| 2 | 5.101.45.7 | 209813 (FASTCONTENT) |
| 1 2 | 5.189.217.128 | 209813 (FASTCONTENT) |
| 1 2 | 149.248.3.79 | |
| 1 | 2607:f8b0:4006:816::200e | |
17 | 8 |
| Count | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 3 | karabosa.africa | karabosa.africa | 12 KB |
| 2 | rockcloudspace.com (1 redirects) | rockcloudspace.com | 778 B |
| 2 | reachloveproperty.buzz (1 redirects) | qqtxcr.reachloveproperty.buzz | 2 KB |
| 2 | takebest-prizes.life | takebest-prizes.life (Cisco Umbrella Rank: 414767) | 88 KB |
| 1 | google.com | play.google.com | 175 KB |
| 1 | gstatic.com | fonts.gstatic.com, www.gstatic.com (Failed) | 16 KB |
| 1 | googleapis.com | fonts.googleapis.com (Cisco Umbrella Rank: 71) | 1 KB |
| 0 | googleusercontent.com (Failed) | play-lh.googleusercontent.com (Failed) | |
17 | 8 |
| Count | Domain | Requested by |
|---|---|---|
| 3 | karabosa.africa | karabosa.africa |
| 2 | rockcloudspace.com (1 redirects) | qqtxcr.reachloveproperty.buzz |
| 2 | qqtxcr.reachloveproperty.buzz (1 redirects) | takebest-prizes.life |
| 2 | takebest-prizes.life | karabosa.africa, takebest-prizes.life |
| 1 | play.google.com | rockcloudspace.com, karabosa.africa |
| 1 | fonts.gstatic.com | fonts.googleapis.com, play.google.com |
| 1 | fonts.googleapis.com | karabosa.africa |
| 0 | play-lh.googleusercontent.com (Failed) | play.google.com |
| 0 | www.gstatic.com (Failed) | play.google.com |
17 | 9 |
This site contains no links.
| Subject | Issuer | Validity | Valid | |
|---|---|---|---|---|
| *.karabosa.africa | E1 | 2022-06-04 - 2022-09-02 | 3 months | crt.sh |
| upload.video.google.com | GTS CA 1C3 | 2022-06-06 - 2022-08-29 | 3 months | crt.sh |
| *.gstatic.com | GTS CA 1C3 | 2022-06-06 - 2022-08-29 | 3 months | crt.sh |
| takebest-prizes.life | R3 | 2022-04-27 - 2022-07-26 | 3 months | crt.sh |
| *.reachloveproperty.buzz | R3 | 2022-06-29 - 2022-09-27 | 3 months | crt.sh |
| rockcloudspace.com | R3 | 2022-06-28 - 2022-09-26 | 3 months | crt.sh |
| *.google.com | GTS CA 1C3 | 2022-06-06 - 2022-08-29 | 3 months | crt.sh |
This page contains 2 frames:
Primary Page:
https://play.google.com/store/apps/details?id=com.zhiliaoapp.musically&hl=en&gl=US
Frame ID: F19D44464D732D4510B3248C58B50C83
Requests: 16 HTTP requests in this frame
Frame:
https://takebest-prizes.life/media/mainstream/frame.html
Frame ID: F908F1F5729BA1631BBB8E9A9D1818E9
Requests: 1 HTTP requests in this frame
Screenshot
Detected technologies
PHP (Programming Languages)
Detected patterns:
- \.php(?:$|\?)
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://karabosa.africa/ (Page URL)
- https://takebest-prizes.life/?u=pqhk60a&o=3awgwfu (Page URL)
- https://qqtxcr.reachloveproperty.buzz/ugfelvrb/?u=pqhk60a&o=3awgwfu&f=1&sid=t3~bpe0on50tjgfxpnmp4eebw1a&fp=pVmjxsdBpGxEG%2FmdN70TbInZ7hzUXRTfe4LLCR1C5SvSzUMWe9Vm9ML367yWdcprKqWcud%2BV9eZ0c2hsB2qO7ecfV5DcMcyQ0lO0gsdvwr7235AZ%2FY9dzuRsHCGkEP%2BOu2OM3Nvmgaxhk3gUNIOJaasqfi4%2Bp4yMnaimrqFrBF3hwufuiF6%2BvLpXHG6er7UXd9GtPuwQ17yqULA1XIC4b4DOe5Qm8cvw24mBULrvMBP9qYcC5Gzvwuky%2FnXt1mwETcZ49uLgIegtK1KkDkWVjVJ%2BtwImFTE72gtovxXDf56jm4Bvo%2FWZjEnw9DW7i6yKXf5aBqaOtohpg7wvjO8x%2FR2kLm7kz%2B16L3ndc7PlowfEJhtSSsla%2BmCqm6nqSryqRggX7uNbV3MUZtnQ4L%2FbGp27n%2FiHeIqsOS95nMaeo1NCMW397slpnln2agy4eryloXlS2gqvBjQeEQgk0EsfzMcFMEYgSPhGkhqmCYd%2F6UcDWQnLUkP7wMb%2Bb9vrNELN07bT2ql85w9FkYaCDgPWtMiVosGZ2WL5%2FIjRybdzEed6O3BhGsGFQYVfhySaG0n7zqLaTCQqBHARMOOv7BpnC%2FFFskqxk2ml7Zzb2nfcD%2Fb%2FcM04pCHnp%2FEyq76rCrOEq4QVGX2VidGJqrrgxFibM4gJr6srKrI0F5BfkYu04JvVPSI40YRqJfZoUuai4hMJSHPd%2F8uPxYBWH6vKpQVlPcVILxHjebKu3cSRaoWkIiXZzgPoApkGLgo8mmtsACqryt1yQV%2Feddf6lJTFsCgPS7fFc3YYpIjmKEe3S2n530uKD%2FNqhLj81Nk%2BaUp8lsEZdPeA2RdaWxz0PkKaJ7ar6GephmBfKlYwOUpjzPEyFQ4KRb1v6eQFFv0x6o3Y%2Bh9EOHzrEOaN7bHPTt9IMsScuBIlyN0cS6gor4lzAVdEfcXeR%2FEhkkuQ9TzJkSWlnbXRgFbVktm1ZAjcLEKJpz%2B21kRQ6uqpIfRQYxjpepSS%2FSidsYkqtSHJyBCLlDeWvS4vGEVw6JuzaAQJevl%2BXGA2oAeqZmqOb6igPzrQQBXjm6N7Lp%2BCB1efw1W5qD2vZdiYNJY4s0SAgsq2dajplx4mOgnq4HElmINwoQghpAghACBn3EWFkTzA9cUf3ItdvVSYHuan4AIIIudQrbjD8rGF4E9Njak9h7Z%2BZHwy9JzGN5tmoFKb3nYhPvwQ5ZszYEyDVZ9Hy2eB%2BfZUeXueiNJWaqKXSkEn1qIxtX2h4u38ezv8kkTTfvqgn8Ca%2BxYalJv3YgYRuLgk0MIEWFGIMJeCz5EWGN1T0URVKTS0238719YmYCMnByuMF5drI7RrRaJHeXiT3gGO2NMTKfxTCsku0g9VHrqcDexDrZC3OZzOKPAYuQRigTrWVPaLI44sJ7YC06o2TfONkMSIU%2BcmLeuD0IPo6HBUVR8toBImynycYNgChya8qhZxismHInfcW5hRYoA9jXEmmFStkF1hVgH4nyTFIv%2FHjsrwwjvVS8a9PnxUicMKK%2FxTTEq75VBDQ2FmTOjoqf0%2BuWDNrAoOsE5hVa223RgKCuUGpub6auI6yjsh%2F%2B46daOgh8LItkVbkDdsNmYQFmumSeZKC3gH4NTjBBlBRTi7PTa0AH1G%2FDsWv4xP6WsnbLGIVW9eDZrRyJsgSLEAp1bFaUUSlmD5d5%2BPeaipFY9giLNFKibLrpebzWUcvbhwdr%2BI%2B58f2qAgPkK1HG1u7dORQdyu%2B4aBCe4WWk6fyLQAjVuP%2B6UTRYunrPiGzvsLoVUBHGLO5BLyu8W1OVZzRFLcGF59AOv%2FtM24ud3tcyAmnQL32yJXFPQBE67QX5AZttWjQ6fxFkc0Z5biAE0ySvHH%2FECP7IgWnmoKWooHyID3g%2F01H96y9Cnu780oKEgBLp%2BdwTb3jMFHwxGSrClmKq0UQTdqqREWFxbMVe44fTCQDHd8LfBbjDHKhyqy%2FCAP0eLQQM6PPbr9QYE1RZF6F%2B%2FBZK342GfVk6XkomKXBfyxtSM%2BK1xeGvusqt8%3D (Page URL)
- Redirect chain:
  - https://qqtxcr.reachloveproperty.buzz/web/?sid=t3~bpe0on50tjgfxpnmp4eebw1a (HTTP 302)
  - https://rockcloudspace.com/?url=I4WHKFughjIM4OSrD1FhgflBuuchpNyX022dpkYZcRKOs%2BnHIiVJuj9KMLIJmLpbmQBltWEJtmiCqo%2BCL3smdYsLZJxTOx4KKCslpeNP9Sk06hpPcywqTw%3D%3D (HTTP 302)
  - https://rockcloudspace.com/away.php?url=I4WHKFughjIM4OSrD1FhgflBuuchpNyX022dpkYZcRKOs%2BnHIiVJuj9KMLIJmLpbmQBltWEJtmiCqo%2BCL3smdYsLZJxTOx4KKCslpeNP9Sk06hpPcywqTw%3D%3D (Page URL)
- https://play.google.com/store/apps/details?id=com.zhiliaoapp.musically&hl=en&gl=US (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 8:
- https://qqtxcr.reachloveproperty.buzz/web/?sid=t3~bpe0on50tjgfxpnmp4eebw1a (HTTP 302)
- https://rockcloudspace.com/?url=I4WHKFughjIM4OSrD1FhgflBuuchpNyX022dpkYZcRKOs%2BnHIiVJuj9KMLIJmLpbmQBltWEJtmiCqo%2BCL3smdYsLZJxTOx4KKCslpeNP9Sk06hpPcywqTw%3D%3D (HTTP 302)
- https://rockcloudspace.com/away.php?url=I4WHKFughjIM4OSrD1FhgflBuuchpNyX022dpkYZcRKOs%2BnHIiVJuj9KMLIJmLpbmQBltWEJtmiCqo%2BCL3smdYsLZJxTOx4KKCslpeNP9Sk06hpPcywqTw%3D%3D
17 HTTP transactions

| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H2 | / | karabosa.africa/ | 27 KB | 10 KB | Document | text/html |
| GET | H2 | css | fonts.googleapis.com/ | 4 KB | 1 KB | Stylesheet | text/css |
| GET | H2 | prelodr.min.js | karabosa.africa/ | 1 KB | 1 KB | Script | application/javascript |
| GET | H2 | KFOmCnqEu92Fr1Mu4mxK.woff2 | fonts.gstatic.com/s/roboto/v30/ | 15 KB | 16 KB | Font | font/woff2 |
| PUT | H3 | prelodr.min.js | karabosa.africa/ | 222 B | 912 B | XHR | application/javascript |
| GET | H/1.1 | / | takebest-prizes.life/ | 88 KB | 88 KB | Document | text/html |
| GET | H/1.1 | frame.html | takebest-prizes.life/media/mainstream/ (Frame F908) | 39 B | 320 B | Document | text/html |
| GET | H/1.1 | / | qqtxcr.reachloveproperty.buzz/ugfelvrb/ | 1 KB | 2 KB | Document | text/html |
| GET | H/1.1 | away.php | rockcloudspace.com/ (Redirect Chain) | 283 B | 458 B | Document | text/html |
| GET | H2 | details (Primary Request) | play.google.com/store/apps/ | 951 KB | 175 KB | Document | text/html |
| POST | | cspreport | play.google.com/_/PlayStoreUi/ | 0 | 0 | | |
| GET | | m=_b,_tp,_r | www.gstatic.com/_/boq-play/_/js/k=boq-play.PlayStoreUi.en.ZcUQirMFokc.2021.O/am=zmLP-H3A98MsBCA/d=1/excm=_b,_r,_tp,appdetailsview/ed=1/dg=0/wt=2/rs=AB1caFXiy-93WmDxVW4bT7R_0Jg8XXjgSQ/ | 0 | 0 | | |
| GET | | 4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2 | fonts.gstatic.com/s/googlesans/v14/ | 0 | 0 | | |
| GET | | 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2 | fonts.gstatic.com/s/googlesans/v14/ | 0 | 0 | | |
| GET | | Gw6kwdfw6UnXLJCcmafZyFRXb3BL9rvi0QZG3Q.woff2 | fonts.gstatic.com/s/googlematerialicons/v112/ | 0 | 0 | | |
| GET | | z5nin1RdQ4UZhv6fa1FNG7VE33imGqPgC4kKZIUjgf_up7E-Pj3AaojlMPwNNXaeGA=w240-h480-rw | play-lh.googleusercontent.com/ | 0 | 0 | | |
| GET | | mw_NfsvKM8m6RPv8Fz2GQawCOsqWv010saMnc7zbWalMxuaA9IY8h7E0VMieLxSxAFB98NFeYqbFrXXq=w48-h16-rw | play-lh.googleusercontent.com/ | 0 | 0 | | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
| Domain | URL |
|---|---|
| play.google.com | https://play.google.com/_/PlayStoreUi/cspreport |
| www.gstatic.com | https://www.gstatic.com/_/boq-play/_/js/k=boq-play.PlayStoreUi.en.ZcUQirMFokc.2021.O/am=zmLP-H3A98MsBCA/d=1/excm=_b,_r,_tp,appdetailsview/ed=1/dg=0/wt=2/rs=AB1caFXiy-93WmDxVW4bT7R_0Jg8XXjgSQ/m=_b,_tp,_r |
| fonts.gstatic.com | https://fonts.gstatic.com/s/googlesans/v14/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2 |
| fonts.gstatic.com | https://fonts.gstatic.com/s/googlesans/v14/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2 |
| fonts.gstatic.com | https://fonts.gstatic.com/s/googlematerialicons/v112/Gw6kwdfw6UnXLJCcmafZyFRXb3BL9rvi0QZG3Q.woff2 |
| play-lh.googleusercontent.com | https://play-lh.googleusercontent.com/z5nin1RdQ4UZhv6fa1FNG7VE33imGqPgC4kKZIUjgf_up7E-Pj3AaojlMPwNNXaeGA=w240-h480-rw |
| play-lh.googleusercontent.com | https://play-lh.googleusercontent.com/mw_NfsvKM8m6RPv8Fz2GQawCOsqWv010saMnc7zbWalMxuaA9IY8h7E0VMieLxSxAFB98NFeYqbFrXXq=w48-h16-rw |
Verdicts & Comments
8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
| Type | Name |
|---|---|
| object | oncontextlost |
| object | oncontextrestored |
| function | structuredClone |
| object | launchQueue |
| object | onbeforematch |
| function | getScreenDetails |
| function | queryLocalFonts |
| object | navigation |
4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name | Value |
|---|---|---|---|
| karabosa.africa/ | | ekplg_janq | JUUwJUI4JUFCJUUwJUI4JUI5JTIwJUUwJUI4JUE1JUUwJUI4JUIyJUUwJUI4JTgxJTIwJUUwJUI4JUEzJUUwJUI4JTk2JTIwJUUwJUI4JTgxJUUwJUI4JUEzJUUwJUI4JUIwJUUwJUI4JTlBJUUwJUI4JUIw |
| takebest-prizes.life/ | | sid | t3~bpe0on50tjgfxpnmp4eebw1a |
| takebest-prizes.life/ | | p1 | https://reachloveproperty.buzz/ugfelvrb/ |
| takebest-prizes.life/ | | s1 | 3iyvacv7f11xpr3u |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL | Text |
|---|---|---|---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | default-src 'self' http: https: data: blob: 'unsafe-inline' |
Strict-Transport-Security | max-age=31536000; includeSubDomains; preload |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
fonts.googleapis.com
fonts.gstatic.com
karabosa.africa
play-lh.googleusercontent.com
play.google.com
qqtxcr.reachloveproperty.buzz
rockcloudspace.com
takebest-prizes.life
www.gstatic.com
fonts.gstatic.com
play-lh.googleusercontent.com
play.google.com
www.gstatic.com
149.248.3.79
2606:4700:3036::6815:511f
2607:f8b0:4006:80d::200a
2607:f8b0:4006:816::200e
2607:f8b0:4006:824::2003
5.101.45.7
5.189.217.128
127acbb6914ac5c0ef0e5b025b69d3f0a04580f34b90be8ad744389af00c1d91
239b020357bb476c8077ebe9355b6923ce8a6b357a056edc0f1989bcb6b0b9ea
a7fe83ec64bb23eb28090598db3d166ed98e52e39d1afbbfd74c579553f93e4e
b16d10dc6c8891d7338041a58361d1487f7882074563aa2c0cbfde6a39c9f835
c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615