bellezalila.com.co (190.60.234.22): urlscan.io public scan, flagged Malicious Activity

Submitted URL: http://bellezalila.com.co/update/vers/ARONXVicTims/Spotify-995-ByxARON-TN
Effective URL: http://bellezalila.com.co/update/vers/ARONXVicTims/Spotify-995-ByxARON-TN/spotXify/signin/?country.x=DE&locale.x=en_DE
Submission: On July 06 via manual from IN — Scanned from DE

Summary

This website contacted 6 IPs in 3 countries across 5 domains to perform 7 HTTP transactions. The main IP is 190.60.234.22, located in Bogotá, Colombia and belongs to IFX18747, US. The main domain is bellezalila.com.co.
This is the only time bellezalila.com.co was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Spotify (Online)

Domain & IP information

# | IP Address | AS (Autonomous System)
2 3 | 190.60.234.22 | 18747 (IFX18747)
1 | 2a04:4e42:3::760 | 54113 (FASTLY)
1 | 2a00:1450:400... | 15169 (GOOGLE)
1 | 2a00:1450:400... | 15169 (GOOGLE)
3 | 151.101.193.194 | 54113 (FASTLY)
Totals: 7 requests, 6 IPs
# | Apex Domain | Subdomains | Transfer
3 | fastly.net | sp-bootstrap.global.ssl.fastly.net (Cisco Umbrella Rank: 551620) | 216 KB
3 | bellezalila.com.co | bellezalila.com.co | 5 KB
1 | google-analytics.com | www.google-analytics.com (Cisco Umbrella Rank: 49) | 20 KB
1 | gstatic.com | www.gstatic.com | 0 (request returned 404)
1 | scdn.co | accounts.scdn.co (Cisco Umbrella Rank: 42424) | 49 KB
Totals: 7 requests, 5 apex domains
# | Domain | Requested by
3 | sp-bootstrap.global.ssl.fastly.net | accounts.scdn.co
3 | bellezalila.com.co | 2 redirects
1 | www.google-analytics.com | bellezalila.com.co
1 | www.gstatic.com | bellezalila.com.co
1 | accounts.scdn.co | bellezalila.com.co
Totals: 7 requests, 5 domains
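The "Requested by" column carries the core signal behind the Spotify verdict: a login page on bellezalila.com.co pulls Spotify's own stylesheet from accounts.scdn.co, and that stylesheet in turn pulls Spotify's fonts from sp-bootstrap.global.ssl.fastly.net. The block below is an added example, not code from urlscan.io or from the report: a brand-asset hotlinking check run over a fixture built from this report's transaction list. The brand host lists are illustrative assumptions, not an authoritative inventory, and the two-asset threshold is likewise an assumption. The same signal exists on the CDN side, where these requests arrive with Referer http://bellezalila.com.co/ and Origin http://bellezalila.com.co, which is how brand owners discover kits that hotlink their assets.

```python
"""Brand-asset hotlinking check (added example, not urlscan.io code).

Flags a top-level page that loads a brand's own login assets (its stylesheet,
its fonts) while not being hosted on any domain the brand owns. The host
lists are illustrative assumptions, not an authoritative inventory.
"""
from urllib.parse import urlsplit

# Assumption: hosts that serve each brand's front-end assets.
BRAND_ASSET_HOSTS = {
    "Spotify": {"accounts.scdn.co", "sp-bootstrap.global.ssl.fastly.net"},
}
# Assumption: hosts on which each brand legitimately serves its own login page.
BRAND_PAGE_HOSTS = {
    "Spotify": {"accounts.spotify.com", "www.spotify.com", "open.spotify.com"},
}

PHISH_PAGE = ("http://bellezalila.com.co/update/vers/ARONXVicTims/Spotify-995-ByxARON-TN"
              "/spotXify/signin/?country.x=DE&locale.x=en_DE")
SPOTIFY_CSS = "https://accounts.scdn.co/css/index.815c601ede0bda3f6d4b.css"
FONT_DIR = "https://sp-bootstrap.global.ssl.fastly.net/8.3.0/fonts/"

# Constructed fixture from this report: (top-level page URL, resource URL, type).
# The fonts are requested by the CSS, but their Origin header is still the page.
SCAN_REQUESTS = [
    (PHISH_PAGE, SPOTIFY_CSS, "Stylesheet"),
    (PHISH_PAGE, "https://www.gstatic.com/recaptcha/api2/v1550471573786/recaptcha__fr.js", "Script"),
    (PHISH_PAGE, "https://www.google-analytics.com/analytics.js", "Script"),
    (PHISH_PAGE, FONT_DIR + "circular-black.woff2", "Font"),
    (PHISH_PAGE, FONT_DIR + "circular-bold.woff2", "Font"),
    (PHISH_PAGE, FONT_DIR + "circular-book.woff2", "Font"),
]
# Constructed control: the same assets loaded from a page on the brand's own host.
LEGIT_REQUESTS = [("https://accounts.spotify.com/login", res, kind)
                  for _, res, kind in SCAN_REQUESTS]


def host_of(url):
    """Lower-cased hostname of a URL, or "" for data: and other host-less URLs."""
    return (urlsplit(url).hostname or "").lower()


def brand_hotlinks(requests, asset_hosts=BRAND_ASSET_HOSTS, page_hosts=BRAND_PAGE_HOSTS):
    """Map brand -> sorted asset URLs pulled by pages outside that brand's hosts."""
    hits = {}
    for page_url, res_url, _kind in requests:
        page_host, res_host = host_of(page_url), host_of(res_url)
        for brand, hosts in asset_hosts.items():
            if res_host in hosts and page_host not in page_hosts.get(brand, set()):
                hits.setdefault(brand, set()).add(res_url)
    return {brand: sorted(urls) for brand, urls in hits.items()}


def targeted_brands(requests, min_assets=2):
    """Brands worth a verdict. Requiring more than one hotlinked asset avoids
    firing on a single shared CDN file (the threshold is an assumption)."""
    return {b for b, urls in brand_hotlinks(requests).items() if len(urls) >= min_assets}


if __name__ == "__main__":
    print("phish page ->", targeted_brands(SCAN_REQUESTS))   # {'Spotify'}
    print("brand page ->", targeted_brands(LEGIT_REQUESTS))  # set()
```

A host-based check only catches kits that hotlink. Kits that copy the brand's CSS and fonts into their own tree are invisible to it, which is why the per-resource SHA-256 values in the "Resource Hash" fields of this report are the complementary pivot: the same hash turning up under an unrelated host is the same evidence without the cross-origin request.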

This site contains no links.

Subject | Issuer | Validity | Valid for
*.scdn.co | DigiCert TLS RSA SHA256 2020 CA1 | 2021-08-06 to 2022-09-02 | a year (crt.sh)
*.gstatic.com | GTS CA 1C3 | 2022-06-06 to 2022-08-29 | 3 months (crt.sh)
*.freetls.fastly.net | GlobalSign Atlas R3 DV TLS CA 2022 Q2 | 2022-05-04 to 2023-06-05 | a year (crt.sh)

No certificate is listed for bellezalila.com.co: the phishing page itself was served over plain HTTP (HTTP/1.1 on an http:// URL), and every TLS connection in this scan belongs to a third-party asset host.

This page contains 1 frame:

Primary Page: http://bellezalila.com.co/update/vers/ARONXVicTims/Spotify-995-ByxARON-TN/spotXify/signin/?country.x=DE&locale.x=en_DE
Frame ID: 17CFD51FF079CC4CE8B47FF067BF3E81
Requests: 8 HTTP requests in this frame (the 7 network transactions listed below plus the inline data: image)

Screenshot

Page Title

Login - Spotify

Page URL History

  1. http://bellezalila.com.co/update/vers/ARONXVicTims/Spotify-995-ByxARON-TN HTTP 301
    http://bellezalila.com.co/update/vers/ARONXVicTims/Spotify-995-ByxARON-TN/ HTTP 302
    http://bellezalila.com.co/update/vers/ARONXVicTims/Spotify-995-ByxARON-TN/spotXify/signin/?country.x=D... Page URL

Detected technologies

Google Analytics (overall confidence: 100%)
Detected pattern:
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Page Statistics

  • Requests: 7
  • HTTPS: 71 %
  • IPv6: 60 %
  • Domains: 5
  • Subdomains: 5
  • IPs: 6
  • Countries: 3
  • Transfer: 289 kB
  • Size: 551 kB
  • Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://bellezalila.com.co/update/vers/ARONXVicTims/Spotify-995-ByxARON-TN HTTP 301
    http://bellezalila.com.co/update/vers/ARONXVicTims/Spotify-995-ByxARON-TN/ HTTP 302
    http://bellezalila.com.co/update/vers/ARONXVicTims/Spotify-995-ByxARON-TN/spotXify/signin/?country.x=DE&locale.x=en_DE Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2
  • http://www.google-analytics.com/analytics.js HTTP 307
  • https://www.google-analytics.com/analytics.js
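Both chains above can be replayed offline. The block below is an added example, not code from urlscan.io or from the report: a small redirect follower that resolves the kit's relative LOCATION value against the current URL, as a browser does, and that models the HSTS preload upgrade which produced the 307 on analytics.js (a browser-internal hop, marked Non-Authoritative-Reason: HSTS, that never reached the wire). The fetch function is a stub over a fixture reconstructed from this report's headers; the 301's Location value is inferred from the URL history because the report shows only the 302's headers, so treat that hop as an assumption.

```python
"""Replay a captured redirect chain offline (added example, not urlscan.io code).

The fixture below is reconstructed from the headers in this report. The 301's
Location value is inferred from the URL history (the report only shows the
302's headers), so treat that hop as an assumption.
"""
from urllib.parse import urljoin, urlsplit

BASE = "http://bellezalila.com.co/update/vers/ARONXVicTims/Spotify-995-ByxARON-TN"
FINAL = BASE + "/spotXify/signin/?country.x=DE&locale.x=en_DE"

# Constructed fixture: url -> (status, response headers). The kit's 302 carries a
# *relative* LOCATION value, exactly as shown under "Redirect headers".
CAPTURE = {
    BASE: (301, {"Location": BASE + "/"}),
    BASE + "/": (302, {"LOCATION": "spotXify/signin/?country.x=DE&locale.x=en_DE"}),
    FINAL: (200, {"Content-Type": "text/html; charset=UTF-8"}),
    "https://www.google-analytics.com/analytics.js": (
        200, {"strict-transport-security": "max-age=10886400; includeSubDomains; preload"}),
}


def stub_fetch(url):
    """Stand-in for an HTTP client: answer from the fixture, 404 otherwise."""
    return CAPTURE.get(url, (404, {}))


def header(headers, name):
    """Case-insensitive header lookup; the kit emits LOCATION in upper case."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


class RedirectFollower:
    REDIRECT_STATUSES = {301, 302, 303, 307, 308}

    def __init__(self, fetch, max_hops=10, hsts_preload=()):
        self.fetch = fetch
        self.max_hops = max_hops
        # Hosts the client already treats as HSTS: seeded from a preload list and
        # extended whenever an https response carries Strict-Transport-Security.
        self.hsts_hosts = set(hsts_preload)

    def _hsts_upgrade(self, url):
        parts = urlsplit(url)
        if parts.scheme == "http" and parts.hostname in self.hsts_hosts:
            return parts._replace(scheme="https").geturl()
        return None

    def follow(self, url):
        """Return [(url, status), ...] for every hop, ending at the final response.

        An HSTS upgrade is recorded as a synthetic 307 without any fetch, which is
        how the report shows the analytics.js hop (Non-Authoritative-Reason: HSTS).
        """
        chain, seen = [], set()
        for _ in range(self.max_hops):
            upgraded = self._hsts_upgrade(url)
            if upgraded:
                chain.append((url, 307))
                url = upgraded
                continue
            if url in seen:
                raise ValueError(f"redirect loop at {url}")
            seen.add(url)
            status, headers = self.fetch(url)
            chain.append((url, status))
            parts = urlsplit(url)
            if parts.scheme == "https" and header(headers, "Strict-Transport-Security"):
                self.hsts_hosts.add(parts.hostname)
            if status not in self.REDIRECT_STATUSES:
                return chain
            location = header(headers, "Location")
            if location is None:
                raise ValueError(f"{status} without Location at {url}")
            url = urljoin(url, location)  # resolves relative targets like the kit's
        raise ValueError(f"more than {self.max_hops} hops")


if __name__ == "__main__":
    follower = RedirectFollower(stub_fetch, hsts_preload={"www.google-analytics.com"})
    for hop_url, status in follower.follow(BASE):
        print(status, hop_url)
```

The two details that matter when reproducing a kit's chain with a scripted client are visible here: the Location lookup must be case-insensitive and resolved with urljoin, otherwise the relative "spotXify/signin/?..." target is lost, and a 307 annotated with Non-Authoritative-Reason: HSTS is the browser's own decision, so a client that does not model HSTS will simply never see that hop.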

7 HTTP transactions (plus one inline data: URI)

Each entry below lists Resource, Path, Size, Transfer (x-fer) and Type, followed by the request and response details.
1. Primary Request: /
   Path: bellezalila.com.co/update/vers/ARONXVicTims/Spotify-995-ByxARON-TN/spotXify/signin/
   Redirect Chain:
     • http://bellezalila.com.co/update/vers/ARONXVicTims/Spotify-995-ByxARON-TN
     • http://bellezalila.com.co/update/vers/ARONXVicTims/Spotify-995-ByxARON-TN/
     • http://bellezalila.com.co/update/vers/ARONXVicTims/Spotify-995-ByxARON-TN/spotXify/signin/?country.x=DE&locale.x=en_DE
   Size: 4 KB | Transfer: 4 KB | Type: Document
General
Full URL
http://bellezalila.com.co/update/vers/ARONXVicTims/Spotify-995-ByxARON-TN/spotXify/signin/?country.x=DE&locale.x=en_DE
Protocol
HTTP/1.1
Server
190.60.234.22 Bogotá, Colombia, ASN18747 (IFX18747, US),
Reverse DNS
22.234.60.190.host.ifxnetworks.com
Software
Apache /
Resource Hash
f2971a3fa4525d998dfd690390de2f41cd56375bd4a0cf29cdc8904f7447bb46

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-store, no-cache, must-revalidate
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
Date
Wed, 06 Jul 2022 23:47:09 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive
timeout=5, max=98
Pragma
no-cache
Server
Apache
Transfer-Encoding
chunked

Redirect headers (302 hop; note that LOCATION is relative, so the browser resolves it against the trailing-slash URL of the previous hop)

Cache-Control
no-store, no-cache, must-revalidate
Connection
Keep-Alive
Content-Length
0
Content-Type
text/html; charset=UTF-8
Date
Wed, 06 Jul 2022 23:47:08 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive
timeout=5, max=99
LOCATION
spotXify/signin/?country.x=DE&locale.x=en_DE
Pragma
no-cache
Server
Apache
2. index.815c601ede0bda3f6d4b.css
   Path: accounts.scdn.co/css/
   Size: 280 KB | Transfer: 49 KB | Type: Stylesheet
General
Full URL
https://accounts.scdn.co/css/index.815c601ede0bda3f6d4b.css
Requested by
Host: bellezalila.com.co
URL: http://bellezalila.com.co/update/vers/ARONXVicTims/Spotify-995-ByxARON-TN/spotXify/signin/?country.x=DE&locale.x=en_DE
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
48de22287159c16b74c7cfd12421abfef4a284848129434aa1805a1a9acf0f40

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://bellezalila.com.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Wed, 06 Jul 2022 23:47:09 GMT
Content-Encoding
gzip
Last-Modified
Wed, 06 Mar 2019 10:24:23 GMT
Age
2558619
x-amz-meta-goog-reserved-file-mtime
1551867855
ETag
"cef7c640274beae0e4bb740e11be8ee3"
X-Served-By
cache-ord1724-ORD, cache-fra19134-FRA
X-Cache
HIT, HIT
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000, no-transform
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
49311
X-Cache-Hits
1, 1
3. recaptcha__fr.js
   Path: www.gstatic.com/recaptcha/api2/v1550471573786/
   Size: 0 | Transfer: 0 | Type: Script (request returned 404; see Console Messages)
General
Full URL
https://www.gstatic.com/recaptcha/api2/v1550471573786/recaptcha__fr.js
Requested by
Host: bellezalila.com.co
URL: http://bellezalila.com.co/update/vers/ARONXVicTims/Spotify-995-ByxARON-TN/spotXify/signin/?country.x=DE&locale.x=en_DE
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
(none: the request returned 404, so there was no body to hash)
Request headers

accept-language
de-DE,de;q=0.9
Referer
http://bellezalila.com.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers
(none shown for this 404 response)
4. analytics.js
   Path: www.google-analytics.com/
   Redirect Chain:
     • http://www.google-analytics.com/analytics.js
     • https://www.google-analytics.com/analytics.js
   Size: 49 KB | Transfer: 20 KB | Type: Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: bellezalila.com.co
URL: http://bellezalila.com.co/update/vers/ARONXVicTims/Spotify-995-ByxARON-TN/spotXify/signin/?country.x=DE&locale.x=en_DE
Protocol
H2
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://bellezalila.com.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 13 Apr 2022 21:02:38 GMT
server
Golfe2
age
2540
date
Wed, 06 Jul 2022 23:04:49 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Thu, 07 Jul 2022 01:04:49 GMT

Redirect headers (this 307 is the browser's own HSTS upgrade of the http:// URL, signalled by Non-Authoritative-Reason: HSTS; no redirect response was sent by the server)

Location
https://www.google-analytics.com/analytics.js
Non-Authoritative-Reason
HSTS
Cross-Origin-Resource-Policy
Cross-Origin
5. truncated (inline data: URI)
   Path: /
   Size: 4 KB | Transfer: 0 | Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
(none: inline data: URI, no network request)
Reverse DNS
Software
/
Resource Hash
f771fe217119432dbcdb59fe3d3ac37547eadd1a118d1646011d1d7ba7e053bf

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
6. circular-black.woff2
   Path: sp-bootstrap.global.ssl.fastly.net/8.3.0/fonts/
   Size: 72 KB | Transfer: 73 KB | Type: Font
General
Full URL
https://sp-bootstrap.global.ssl.fastly.net/8.3.0/fonts/circular-black.woff2
Requested by
Host: accounts.scdn.co
URL: https://accounts.scdn.co/css/index.815c601ede0bda3f6d4b.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
d77456e48416e475066a580b2050cee4f86a3819556d0ddf90d81250f3af9de2

Request headers

Referer
https://accounts.scdn.co/
Origin
http://bellezalila.com.co
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Wed, 06 Jul 2022 23:47:09 GMT
Last-Modified
Mon, 21 Mar 2022 12:56:32 GMT
Age
1350087
x-amz-meta-goog-reserved-file-mtime
1541621104
ETag
"56b510f616f840ffde8f3955349a6c5a"
X-Served-By
cache-ord1730-ORD, cache-hhn4077-HHN
X-Cache
HIT, HIT
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Cache-Control
max-age=86400
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
73892
X-Cache-Hits
1, 1
7. circular-bold.woff2
   Path: sp-bootstrap.global.ssl.fastly.net/8.3.0/fonts/
   Size: 74 KB | Transfer: 74 KB | Type: Font
General
Full URL
https://sp-bootstrap.global.ssl.fastly.net/8.3.0/fonts/circular-bold.woff2
Requested by
Host: accounts.scdn.co
URL: https://accounts.scdn.co/css/index.815c601ede0bda3f6d4b.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
fdf0e3938479eb6e108e7869436051b7072b9a18ecb98b3c6b49d1b29d8bc758

Request headers

Referer
https://accounts.scdn.co/
Origin
http://bellezalila.com.co
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Wed, 06 Jul 2022 23:47:09 GMT
Last-Modified
Mon, 21 Mar 2022 12:56:32 GMT
Age
2565348
x-amz-meta-goog-reserved-file-mtime
1541621104
ETag
"c094813cfe6be5d188f4e506b6ffca1b"
X-Served-By
cache-ord1745-ORD, cache-hhn4063-HHN
X-Cache
HIT, HIT
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Cache-Control
max-age=86400
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
75488
X-Cache-Hits
1, 1
8. circular-book.woff2
   Path: sp-bootstrap.global.ssl.fastly.net/8.3.0/fonts/
   Size: 68 KB | Transfer: 69 KB | Type: Font
General
Full URL
https://sp-bootstrap.global.ssl.fastly.net/8.3.0/fonts/circular-book.woff2
Requested by
Host: accounts.scdn.co
URL: https://accounts.scdn.co/css/index.815c601ede0bda3f6d4b.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6384070e855e2ec15caefb6334ab2c4b1b9e798ce2e369cc00f0d47a41138e0d

Request headers

Referer
https://accounts.scdn.co/
Origin
http://bellezalila.com.co
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Wed, 06 Jul 2022 23:47:09 GMT
Last-Modified
Mon, 21 Mar 2022 12:56:32 GMT
Age
4385382
x-amz-meta-goog-reserved-file-mtime
1541621104
ETag
"c4f753e765823b94234e7f5ccd733f44"
X-Served-By
cache-ord1726-ORD, cache-hhn4072-HHN
X-Cache
HIT, HIT
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Cache-Control
max-age=86400
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
70092
X-Cache-Hits
1, 1

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Spotify (Online)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object: oncontextlost
  • object: oncontextrestored
  • function: structuredClone
  • object: launchQueue
  • object: onbeforematch
  • object: navigation
  • object: google_tag_data
  • function: ga
  • object: gaplugins

Only google_tag_data, ga and gaplugins come from the page's own scripts (Google Analytics). The other six are window properties that the scanner's Chrome 103 build exposes by itself (for example structuredClone and the Navigation API's navigation object), not kit code.

1 Cookies

Domain/Path | Name | Value
bellezalila.com.co/ | PHPSESSID | adb3f5385fcb976170aa703500039cf0

A PHPSESSID cookie set by the Apache host indicates the kit is a PHP application with server-side sessions.

1 Console Messages

Source: network | Level: error | URL: https://www.gstatic.com/recaptcha/api2/v1550471573786/recaptcha__fr.js
Message: Failed to load resource: the server responded with a status of 404 ()