bellezalila.com.co
Open in
urlscan Pro
190.60.234.22
Malicious Activity!
Public Scan
Effective URL: http://bellezalila.com.co/update/vers/ARONXVicTims/Spotify-995-ByxARON-TN/spotXify/signin/?country.x=DE&locale.x=en_DE
Submission: On July 06 via manual from IN — Scanned from DE
Summary
This is the only time bellezalila.com.co was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Spotify (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 3 | 190.60.234.22 190.60.234.22 | 18747 (IFX18747) (IFX18747) | |
1 | 2a04:4e42:3::760 2a04:4e42:3::760 | 54113 (FASTLY) (FASTLY) | |
1 | 2a00:1450:400... 2a00:1450:4001:82b::2003 | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:1450:400... 2a00:1450:4001:830::200e | 15169 (GOOGLE) (GOOGLE) | |
3 | 151.101.193.194 151.101.193.194 | 54113 (FASTLY) (FASTLY) | |
7 | 6 |
ASN18747 (IFX18747, US)
PTR: 22.234.60.190.host.ifxnetworks.com
bellezalila.com.co |
ASN15169 (GOOGLE, US)
www.google-analytics.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
3 |
fastly.net
sp-bootstrap.global.ssl.fastly.net — Cisco Umbrella Rank: 551620 |
216 KB |
3 |
bellezalila.com.co
2 redirects
bellezalila.com.co |
5 KB |
1 |
google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 49 |
20 KB |
1 |
gstatic.com
www.gstatic.com |
|
1 |
scdn.co
accounts.scdn.co — Cisco Umbrella Rank: 42424 |
49 KB |
7 | 5 |
Domain | Requested by | |
---|---|---|
3 | sp-bootstrap.global.ssl.fastly.net |
accounts.scdn.co
|
3 | bellezalila.com.co | 2 redirects |
1 | www.google-analytics.com |
bellezalila.com.co
|
1 | www.gstatic.com |
bellezalila.com.co
|
1 | accounts.scdn.co |
bellezalila.com.co
|
7 | 5 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.scdn.co DigiCert TLS RSA SHA256 2020 CA1 |
2021-08-06 - 2022-09-02 |
a year | crt.sh |
*.gstatic.com GTS CA 1C3 |
2022-06-06 - 2022-08-29 |
3 months | crt.sh |
*.freetls.fastly.net GlobalSign Atlas R3 DV TLS CA 2022 Q2 |
2022-05-04 - 2023-06-05 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
http://bellezalila.com.co/update/vers/ARONXVicTims/Spotify-995-ByxARON-TN/spotXify/signin/?country.x=DE&locale.x=en_DE
Frame ID: 17CFD51FF079CC4CE8B47FF067BF3E81
Requests: 8 HTTP requests in this frame
Screenshot
Page Title
Login - SpotifyPage URL History Show full URLs
-
http://bellezalila.com.co/update/vers/ARONXVicTims/Spotify-995-ByxARON-TN
HTTP 301
http://bellezalila.com.co/update/vers/ARONXVicTims/Spotify-995-ByxARON-TN/ HTTP 302
http://bellezalila.com.co/update/vers/ARONXVicTims/Spotify-995-ByxARON-TN/spotXify/signin/?country.x=D... Page URL
Detected technologies
Google Analytics (Analytics) ExpandDetected patterns
- google-analytics\.com/(?:ga|urchin|analytics)\.js
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://bellezalila.com.co/update/vers/ARONXVicTims/Spotify-995-ByxARON-TN
HTTP 301
http://bellezalila.com.co/update/vers/ARONXVicTims/Spotify-995-ByxARON-TN/ HTTP 302
http://bellezalila.com.co/update/vers/ARONXVicTims/Spotify-995-ByxARON-TN/spotXify/signin/?country.x=DE&locale.x=en_DE Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 2- http://www.google-analytics.com/analytics.js HTTP 307
- https://www.google-analytics.com/analytics.js
7 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
bellezalila.com.co/update/vers/ARONXVicTims/Spotify-995-ByxARON-TN/spotXify/signin/ Redirect Chain
|
4 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
index.815c601ede0bda3f6d4b.css
accounts.scdn.co/css/ |
280 KB 49 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
recaptcha__fr.js
www.gstatic.com/recaptcha/api2/v1550471573786/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
analytics.js
www.google-analytics.com/ Redirect Chain
|
49 KB 20 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
4 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
circular-black.woff2
sp-bootstrap.global.ssl.fastly.net/8.3.0/fonts/ |
72 KB 73 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
circular-bold.woff2
sp-bootstrap.global.ssl.fastly.net/8.3.0/fonts/ |
74 KB 74 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
circular-book.woff2
sp-bootstrap.global.ssl.fastly.net/8.3.0/fonts/ |
68 KB 69 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Spotify (Online)9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch object| navigation object| google_tag_data function| ga object| gaplugins1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
bellezalila.com.co/ | Name: PHPSESSID Value: adb3f5385fcb976170aa703500039cf0 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
accounts.scdn.co
bellezalila.com.co
sp-bootstrap.global.ssl.fastly.net
www.google-analytics.com
www.gstatic.com
151.101.193.194
190.60.234.22
2a00:1450:4001:82b::2003
2a00:1450:4001:830::200e
2a04:4e42:3::760
48de22287159c16b74c7cfd12421abfef4a284848129434aa1805a1a9acf0f40
6384070e855e2ec15caefb6334ab2c4b1b9e798ce2e369cc00f0d47a41138e0d
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
d77456e48416e475066a580b2050cee4f86a3819556d0ddf90d81250f3af9de2
f2971a3fa4525d998dfd690390de2f41cd56375bd4a0cf29cdc8904f7447bb46
f771fe217119432dbcdb59fe3d3ac37547eadd1a118d1646011d1d7ba7e053bf
fdf0e3938479eb6e108e7869436051b7072b9a18ecb98b3c6b49d1b29d8bc758