Suspicious

Phishings targeting Spotify

Suspicious and active websites

Phishings targeting Spotify

Suspicious and active websites

Active

New (7d)

Trend (7d)

—

Website: spotify.com
About: AIStreaming-account-resale target. Lower per-account value than Netflix but high volume.
Hosts: Amazon.com, Inc. (12) · Fastly, Inc. (3) · Wildcard UK Limited (1)
Countries: United States (15) · United Kingdom (1) · Germany (1)
TLS certs: WR1 (9) · R12 (4) · R13 (2)

Suspicious sites — confidence is not always 100%. Use for Threat Hunting or watchlists.

Last check (UTC)	First seen (UTC) ▾	URL	Flags	Details
2026-05-24 01:30	2026-05-23 13:01	http://spotify-client-beta.vercel.app	OpenPhish	Details
2026-05-24 01:30	2026-05-08 13:01	https://spotify-clone-rho-one.vercel.app	OpenPhish	Details
2026-05-24 01:30	2026-05-08 01:03	http://spotify-clone-flax-eight.vercel.app	GSB OpenPhish	Details
2026-05-24 01:30	2026-05-08 01:03	http://spotify-clone-rho-one.vercel.app	OpenPhish	Details
2026-05-24 01:30	2026-05-08 01:02	https://spotify-clone-flax-eight.vercel.app	GSB OpenPhish	Details
2026-05-24 01:30	2026-05-01 13:00	https://spotify.constantine.dev	OpenPhish	Details
2026-05-24 01:30	2026-04-28 13:01	https://spotify-konto-gesperrt.page.gd/?i=1	OpenPhish	Details
2026-05-24 01:30	2026-04-27 13:02	http://es-spotifymx.com	OpenPhish	Details
2026-05-24 01:30	2026-04-16 13:02	http://spotify-clone-sandy-delta.vercel.app	OpenPhish	Details
2026-05-24 01:30	2026-04-15 01:01	http://spotify-clone-green.vercel.app	OpenPhish	Details
2026-05-24 01:30	2026-04-12 13:02	http://tamires-ramos.github.io/imersao-alura-spotify	OpenPhish urlscan	Details
2026-05-24 01:30	2026-04-05 13:01	https://david-santos7.github.io/projeto-clone-spotify	OpenPhish urlscan	Details
2026-05-24 01:30	2026-04-04 13:02	http://spotify-rsg.netlify.app	OpenPhish	Details
2026-05-24 01:30	2026-04-04 13:02	http://spotify-clone-theta-hazel.vercel.app	OpenPhish	Details
2026-05-24 01:30	2026-04-01 13:03	https://spotify-clone-sepia-nine.vercel.app	OpenPhish	Details
2026-05-24 01:30	2026-03-29 13:01	https://tamires-ramos.github.io/imersao-alura-spotify	OpenPhish urlscan	Details
2026-05-24 01:30	2026-03-29 00:00	https://spotify.fourthwall.app	PhishTank	Details

Suspicious sites — confidence is not always 100%. Use for Threat Hunting or watchlists.

URL	Screenshot	Details
http://spotify-client-beta.ve… OpenPhish		Details
https://spotify-clone-rho-one… OpenPhish		Details
http://spotify-clone-flax-eig… GSB OpenPhish		Details
http://spotify-clone-rho-one.… OpenPhish		Details
https://spotify-clone-flax-ei… GSB OpenPhish		Details
https://spotify.constantine.d… OpenPhish		Details
https://spotify-konto-gesperr… OpenPhish		Details
http://es-spotifymx.com OpenPhish		Details
http://spotify-clone-sandy-de… OpenPhish		Details
http://spotify-clone-green.ve… OpenPhish		Details
http://tamires-ramos.github.i… OpenPhish urlscan		Details
https://david-santos7.github.… OpenPhish urlscan		Details
http://spotify-rsg.netlify.app OpenPhish		Details
http://spotify-clone-theta-ha… OpenPhish		Details
https://spotify-clone-sepia-n… OpenPhish		Details
https://tamires-ramos.github.… OpenPhish urlscan		Details
https://spotify.fourthwall.app PhishTank		Details

AIHow to verify a real Spotify URL

Legitimate Spotify URLs always end in spotify.com (e.g. www.spotify.com, account.spotify.com). Anything else — including look-alike typosquats, hyphenated variations, or unfamiliar TLDs like .xyz / .top / .vip — is not Spotify.
The padlock icon proves TLS is active, not that the site is safe. Free DV certificates are issued to attackers in minutes; every active site listed above has a valid TLS certificate.
If you got the link from email, SMS, or social media, do not click it. Open spotify.com from your browser bookmark or type the domain manually.
Real Spotify pages almost never ask for credentials immediately after clicking from a message — treat any such redirect as a phishing attempt until the domain is verified.