gamsanlorenzo.gob.bo Open in urlscan Pro
200.58.110.145 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://bitly.lc/xya5n
Effective URL:
https://gamsanlorenzo.gob.bo/vendor/laravel/framework/src/Illuminate/Auth/Console/WQGF0STCO67VV/dWQGFJDKLSJSTCO67VV/FJLKFJSLK...
Submission: On April 21 via manual (April 21st 2023, 2:36:52 pm UTC) from BO — Scanned from DE

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 2 countries across 2 domains to perform 12 HTTP transactions. The main IP is 200.58.110.145, located in Rosario, Argentina and belongs to Dattatec.com, AR. The main domain is gamsanlorenzo.gob.bo.
TLS certificate: Issued by R3 on March 8th 2023. Valid for: 3 months.

This is the only time gamsanlorenzo.gob.bo was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: DHL (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:303... 2606:4700:3034::ac43:c8e6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 13	200.58.110.145 200.58.110.145	27823 (Dattatec.com) (Dattatec.com)
12	1

1 2606:4700:3034::ac43:c8e6 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

bitly.lc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 200.58.110.145 (Rosario, Argentina) 1 redirects

ASN27823 (Dattatec.com, AR)
PTR: india.dattaweb.com

gamsanlorenzo.gob.bo	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	gamsanlorenzo.gob.bo 1 redirects gamsanlorenzo.gob.bo	135 KB
1	bitly.lc 1 redirects bitly.lc	1 KB
12	2

	Domain	Requested by
13	gamsanlorenzo.gob.bo	1 redirects gamsanlorenzo.gob.bo
1	bitly.lc	1 redirects
12	2

This site contains no links.

Subject Issuer	Validity	Valid
gamsanlorenzo.gob.bo R3	`2023-03-08` - `2023-06-06`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://gamsanlorenzo.gob.bo/vendor/laravel/framework/src/Illuminate/Auth/Console/WQGF0STCO67VV/dWQGFJDKLSJSTCO67VV/FJLKFJSLKD/__Gen/Ruwb63.php?verification
Frame ID: 8F87666389DC58A5CCC1FE15BE7E354A
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Servicios globales de envío y logística

Page URL History Show full URLs

https://bitly.lc/xya5n HTTP 301
https://gamsanlorenzo.gob.bo/vendor/laravel/framework/src/Illuminate/Auth/Console/WQGF0STCO67VV/dWQGFJDKL... HTTP 302
https://gamsanlorenzo.gob.bo/vendor/laravel/framework/src/Illuminate/Auth/Console/WQGF0STCO67VV/dWQGFJDKL... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

12
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

1
IPs

2
Countries

134 kB
Transfer

131 kB
Size

4
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://bitly.lc/xya5n HTTP 301
https://gamsanlorenzo.gob.bo/vendor/laravel/framework/src/Illuminate/Auth/Console/WQGF0STCO67VV/dWQGFJDKLSJSTCO67VV/FJLKFJSLKD/?pwd=chi HTTP 302
https://gamsanlorenzo.gob.bo/vendor/laravel/framework/src/Illuminate/Auth/Console/WQGF0STCO67VV/dWQGFJDKLSJSTCO67VV/FJLKFJSLKD/__Gen/Ruwb63.php?verification Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Ruwb63.php Show response gamsanlorenzo.gob.bo/vendor/laravel/framework/src/Illuminate/Auth/Console/WQGF0STCO67VV/dWQGFJDKLSJSTCO67VV/FJLKFJSLKD/__Gen/ Redirect Chain https://bitly.lc/xya5n https://gamsanlorenzo.gob.bo/vendor/laravel/framework/src/Illuminate/Auth/Console/WQGF0STCO67VV/dWQGFJDKLSJSTCO67VV/FJLKFJSLKD/?pwd=chi https://gamsanlorenzo.gob.bo/vendor/laravel/framework/src/Illuminate/Auth/Console/WQGF0STCO67VV/dWQGFJDKLSJSTCO67VV/FJLKFJSLKD/__Gen/Ruwb63.php?verification	4 KB 4 KB	311ms 311ms	Document text/html	200.58.110.145 Dattatec.com
General Check archive.org Show headers Download Go to Full URL https://gamsanlorenzo.gob.bo/vendor/laravel/framework/src/Illuminate/Auth/Console/WQGF0STCO67VV/dWQGFJDKLSJSTCO67VV/FJLKFJSLKD/__Gen/Ruwb63.php?verification Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 200.58.110.145 Rosario, Argentina, ASN27823 (Dattatec.com, AR), Reverse DNS india.dattaweb.com Software Apache / PHP/7.3.32 Resource Hash `4a4f34b9d3bf34e65f572dea65d801b5191b35852038edf534b40d0ac5330487` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Cache-Control no-store, no-cache, must-revalidate Connection Keep-Alive Content-Type text/html; charset=UTF-8 Date Fri, 21 Apr 2023 14:36:45 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Keep-Alive timeout=10, max=199 Pragma no-cache Server Apache Transfer-Encoding chunked X-Powered-By PHP/7.3.32 Redirect headers Cache-Control no-store, no-cache, must-revalidate Connection Keep-Alive Content-Type text/html; charset=UTF-8 Date Fri, 21 Apr 2023 14:36:44 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Keep-Alive timeout=10, max=200 Location __Gen/Ruwb63.php?verification#_ Pragma no-cache Server Apache Transfer-Encoding chunked X-Powered-By PHP/7.3.32
GET H/1.1	200 OK	csx__.css gamsanlorenzo.gob.bo/vendor/laravel/framework/src/Illuminate/Auth/Console/WQGF0STCO67VV/dWQGFJDKLSJSTCO67VV/FJLKFJSLKD/__Set/css/	10 KB 10 KB	256ms 256ms	Stylesheet text/css	200.58.110.145 Dattatec.com
General Check archive.org Show headers Download Go to Full URL https://gamsanlorenzo.gob.bo/vendor/laravel/framework/src/Illuminate/Auth/Console/WQGF0STCO67VV/dWQGFJDKLSJSTCO67VV/FJLKFJSLKD/__Set/css/csx__.css Requested by Host: gamsanlorenzo.gob.bo URL: https://gamsanlorenzo.gob.bo/vendor/laravel/framework/src/Illuminate/Auth/Console/WQGF0STCO67VV/dWQGFJDKLSJSTCO67VV/FJLKFJSLKD/__Gen/Ruwb63.php?verification Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 200.58.110.145 Rosario, Argentina, ASN27823 (Dattatec.com, AR), Reverse DNS india.dattaweb.com Software Apache / Resource Hash `ca2710a4d588b32ebe0bfb8197aac73c4fe403f080876b2e7738e6781b3ff6cd` Request headers accept-language de-DE,de;q=0.9 Referer https://gamsanlorenzo.gob.bo/vendor/laravel/framework/src/Illuminate/Auth/Console/WQGF0STCO67VV/dWQGFJDKLSJSTCO67VV/FJLKFJSLKD/__Gen/Ruwb63.php?verification User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers Date Fri, 21 Apr 2023 14:36:45 GMT Last-Modified Thu, 03 Jun 2021 03:22:42 GMT Server Apache ETag "2637-5c3d416874480" Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=10, max=198 Content-Length 9783
GET H/1.1	200 OK	jquery-3.5.1.min.js Show response gamsanlorenzo.gob.bo/vendor/laravel/framework/src/Illuminate/Auth/Console/WQGF0STCO67VV/dWQGFJDKLSJSTCO67VV/FJLKFJSLKD/__Set/js/	87 KB 88 KB	257ms 257ms	Script application/javascript	200.58.110.145 Dattatec.com
General Check archive.org Show headers Download Go to Full URL https://gamsanlorenzo.gob.bo/vendor/laravel/framework/src/Illuminate/Auth/Console/WQGF0STCO67VV/dWQGFJDKLSJSTCO67VV/FJLKFJSLKD/__Set/js/jquery-3.5.1.min.js Requested by Host: gamsanlorenzo.gob.bo URL: https://gamsanlorenzo.gob.bo/vendor/laravel/framework/src/Illuminate/Auth/Console/WQGF0STCO67VV/dWQGFJDKLSJSTCO67VV/FJLKFJSLKD/__Gen/Ruwb63.php?verification Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 200.58.110.145 Rosario, Argentina, ASN27823 (Dattatec.com, AR), Reverse DNS india.dattaweb.com Software Apache / Resource Hash `6150a35c0f486c46cadf0e230e2aa159c7c23ecfbb5611b64ee3f25fcbff341f` Request headers accept-language de-DE,de;q=0.9 Referer https://gamsanlorenzo.gob.bo/vendor/laravel/framework/src/Illuminate/Auth/Console/WQGF0STCO67VV/dWQGFJDKLSJSTCO67VV/FJLKFJSLKD/__Gen/Ruwb63.php?verification User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers Date Fri, 21 Apr 2023 14:36:45 GMT Last-Modified Thu, 27 May 2021 04:12:28 GMT Server Apache ETag "15d83-5c347f79e6300" Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=10, max=200 Content-Length 89475
GET H/1.1	200 OK	jquery.payment.min.js Show response gamsanlorenzo.gob.bo/vendor/laravel/framework/src/Illuminate/Auth/Console/WQGF0STCO67VV/dWQGFJDKLSJSTCO67VV/FJLKFJSLKD/__Set/js/	8 KB 9 KB	505ms 247ms	Script application/javascript	200.58.110.145 Dattatec.com
General Check archive.org Show headers Download Go to Full URL https://gamsanlorenzo.gob.bo/vendor/laravel/framework/src/Illuminate/Auth/Console/WQGF0STCO67VV/dWQGFJDKLSJSTCO67VV/FJLKFJSLKD/__Set/js/jquery.payment.min.js Requested by Host: gamsanlorenzo.gob.bo URL: https://gamsanlorenzo.gob.bo/vendor/laravel/framework/src/Illuminate/Auth/Console/WQGF0STCO67VV/dWQGFJDKLSJSTCO67VV/FJLKFJSLKD/__Gen/Ruwb63.php?verification Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 200.58.110.145 Rosario, Argentina, ASN27823 (Dattatec.com, AR), Reverse DNS india.dattaweb.com Software Apache / Resource Hash `6c4ba1c662b440b3aefe5e5147ea2df72f80e510e4979c65485a7b0fff894e37` Request headers accept-language de-DE,de;q=0.9 Referer https://gamsanlorenzo.gob.bo/vendor/laravel/framework/src/Illuminate/Auth/Console/WQGF0STCO67VV/dWQGFJDKLSJSTCO67VV/FJLKFJSLKD/__Gen/Ruwb63.php?verification User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers Date Fri, 21 Apr 2023 14:36:46 GMT Last-Modified Thu, 27 May 2021 04:14:14 GMT Server Apache ETag "210b-5c347fdefd180" Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=10, max=197 Content-Length 8459
GET H/1.1	200 OK	jsx.js Show response gamsanlorenzo.gob.bo/vendor/laravel/framework/src/Illuminate/Auth/Console/WQGF0STCO67VV/dWQGFJDKLSJSTCO67VV/FJLKFJSLKD/__Set/js/	2 KB 2 KB	747ms 265ms	Script application/javascript	200.58.110.145 Dattatec.com
General Check archive.org Show headers Download Go to Full URL https://gamsanlorenzo.gob.bo/vendor/laravel/framework/src/Illuminate/Auth/Console/WQGF0STCO67VV/dWQGFJDKLSJSTCO67VV/FJLKFJSLKD/__Set/js/jsx.js Requested by Host: gamsanlorenzo.gob.bo URL: https://gamsanlorenzo.gob.bo/vendor/laravel/framework/src/Illuminate/Auth/Console/WQGF0STCO67VV/dWQGFJDKLSJSTCO67VV/FJLKFJSLKD/__Gen/Ruwb63.php?verification Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 200.58.110.145 Rosario, Argentina, ASN27823 (Dattatec.com, AR), Reverse DNS india.dattaweb.com Software Apache / Resource Hash `10d868b25541c65592239efbbcf633799a131890a4a91e210feb78633dd0e7e1` Request headers accept-language de-DE,de;q=0.9 Referer https://gamsanlorenzo.gob.bo/vendor/laravel/framework/src/Illuminate/Auth/Console/WQGF0STCO67VV/dWQGFJDKLSJSTCO67VV/FJLKFJSLKD/__Gen/Ruwb63.php?verification User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers Date Fri, 21 Apr 2023 14:36:46 GMT Last-Modified Thu, 27 May 2021 04:08:12 GMT Server Apache ETag "84f-5c347e85c2300" Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=10, max=200 Content-Length 2127
GET H/1.1	200 OK	lg.png gamsanlorenzo.gob.bo/vendor/laravel/framework/src/Illuminate/Auth/Console/WQGF0STCO67VV/dWQGFJDKLSJSTCO67VV/FJLKFJSLKD/__Set/img/	2 KB 2 KB	256ms 255ms	Image image/png	200.58.110.145 Dattatec.com
General Check archive.org Show headers Download Go to Show image Full URL https://gamsanlorenzo.gob.bo/vendor/laravel/framework/src/Illuminate/Auth/Console/WQGF0STCO67VV/dWQGFJDKLSJSTCO67VV/FJLKFJSLKD/__Set/img/lg.png Requested by Host: gamsanlorenzo.gob.bo URL: https://gamsanlorenzo.gob.bo/vendor/laravel/framework/src/Illuminate/Auth/Console/WQGF0STCO67VV/dWQGFJDKLSJSTCO67VV/FJLKFJSLKD/__Gen/Ruwb63.php?verification Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 200.58.110.145 Rosario, Argentina, ASN27823 (Dattatec.com, AR), Reverse DNS india.dattaweb.com Software Apache / Resource Hash `4bede2d8c068266009f18661d160e75144bb88eb2137694a5f94062ffed8a7db` Request headers accept-language de-DE,de;q=0.9 Referer https://gamsanlorenzo.gob.bo/vendor/laravel/framework/src/Illuminate/Auth/Console/WQGF0STCO67VV/dWQGFJDKLSJSTCO67VV/FJLKFJSLKD/__Gen/Ruwb63.php?verification User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers Date Fri, 21 Apr 2023 14:36:46 GMT Last-Modified Thu, 27 May 2021 22:50:12 GMT Server Apache ETag "673-5c35794f1d100" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=10, max=199 Content-Length 1651
GET H/1.1	200 OK	topmenu-es.png gamsanlorenzo.gob.bo/vendor/laravel/framework/src/Illuminate/Auth/Console/WQGF0STCO67VV/dWQGFJDKLSJSTCO67VV/FJLKFJSLKD/__Set/img/	4 KB 4 KB	256ms 256ms	Image image/png	200.58.110.145 Dattatec.com
General Check archive.org Show headers Download Go to Show image Full URL https://gamsanlorenzo.gob.bo/vendor/laravel/framework/src/Illuminate/Auth/Console/WQGF0STCO67VV/dWQGFJDKLSJSTCO67VV/FJLKFJSLKD/__Set/img/topmenu-es.png Requested by Host: gamsanlorenzo.gob.bo URL: https://gamsanlorenzo.gob.bo/vendor/laravel/framework/src/Illuminate/Auth/Console/WQGF0STCO67VV/dWQGFJDKLSJSTCO67VV/FJLKFJSLKD/__Gen/Ruwb63.php?verification Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 200.58.110.145 Rosario, Argentina, ASN27823 (Dattatec.com, AR), Reverse DNS india.dattaweb.com Software Apache / Resource Hash `4fb098d894c9efa7d99b635185b9fd0695d37ebd21c5196399c3932250db06ce` Request headers accept-language de-DE,de;q=0.9 Referer https://gamsanlorenzo.gob.bo/vendor/laravel/framework/src/Illuminate/Auth/Console/WQGF0STCO67VV/dWQGFJDKLSJSTCO67VV/FJLKFJSLKD/__Gen/Ruwb63.php?verification User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers Date Fri, 21 Apr 2023 14:36:46 GMT Last-Modified Thu, 27 May 2021 22:50:12 GMT Server Apache ETag "10c9-5c35794f1d100" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=10, max=199 Content-Length 4297
GET H/1.1	200 OK	explor.png gamsanlorenzo.gob.bo/vendor/laravel/framework/src/Illuminate/Auth/Console/WQGF0STCO67VV/dWQGFJDKLSJSTCO67VV/FJLKFJSLKD/__Set/img/	2 KB 2 KB	253ms 252ms	Image image/png	200.58.110.145 Dattatec.com
General Check archive.org Show headers Download Go to Show image Full URL https://gamsanlorenzo.gob.bo/vendor/laravel/framework/src/Illuminate/Auth/Console/WQGF0STCO67VV/dWQGFJDKLSJSTCO67VV/FJLKFJSLKD/__Set/img/explor.png Requested by Host: gamsanlorenzo.gob.bo URL: https://gamsanlorenzo.gob.bo/vendor/laravel/framework/src/Illuminate/Auth/Console/WQGF0STCO67VV/dWQGFJDKLSJSTCO67VV/FJLKFJSLKD/__Gen/Ruwb63.php?verification Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 200.58.110.145 Rosario, Argentina, ASN27823 (Dattatec.com, AR), Reverse DNS india.dattaweb.com Software Apache / Resource Hash `a8f0fdffeeb4d006671a655e4c3ef22750eedf85aaa76aae9557e72a154dbc36` Request headers accept-language de-DE,de;q=0.9 Referer https://gamsanlorenzo.gob.bo/vendor/laravel/framework/src/Illuminate/Auth/Console/WQGF0STCO67VV/dWQGFJDKLSJSTCO67VV/FJLKFJSLKD/__Gen/Ruwb63.php?verification User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers Date Fri, 21 Apr 2023 14:36:46 GMT Last-Modified Thu, 27 May 2021 22:50:12 GMT Server Apache ETag "857-5c35794f1d100" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=10, max=196 Content-Length 2135
GET H/1.1	200 OK	search.png gamsanlorenzo.gob.bo/vendor/laravel/framework/src/Illuminate/Auth/Console/WQGF0STCO67VV/dWQGFJDKLSJSTCO67VV/FJLKFJSLKD/__Set/img/	2 KB 2 KB	256ms 255ms	Image image/png	200.58.110.145 Dattatec.com
General Check archive.org Show headers Download Go to Show image Full URL https://gamsanlorenzo.gob.bo/vendor/laravel/framework/src/Illuminate/Auth/Console/WQGF0STCO67VV/dWQGFJDKLSJSTCO67VV/FJLKFJSLKD/__Set/img/search.png Requested by Host: gamsanlorenzo.gob.bo URL: https://gamsanlorenzo.gob.bo/vendor/laravel/framework/src/Illuminate/Auth/Console/WQGF0STCO67VV/dWQGFJDKLSJSTCO67VV/FJLKFJSLKD/__Gen/Ruwb63.php?verification Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 200.58.110.145 Rosario, Argentina, ASN27823 (Dattatec.com, AR), Reverse DNS india.dattaweb.com Software Apache / Resource Hash `5945391a7d98f881adf677ffa17b4a65b9a25753fbec453209a37d1981afaa34` Request headers accept-language de-DE,de;q=0.9 Referer https://gamsanlorenzo.gob.bo/vendor/laravel/framework/src/Illuminate/Auth/Console/WQGF0STCO67VV/dWQGFJDKLSJSTCO67VV/FJLKFJSLKD/__Gen/Ruwb63.php?verification User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers Date Fri, 21 Apr 2023 14:36:46 GMT Last-Modified Thu, 27 May 2021 22:50:12 GMT Server Apache ETag "85c-5c35794f1d100" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=10, max=200 Content-Length 2140
GET H/1.1	200 OK	iconmenu.png gamsanlorenzo.gob.bo/vendor/laravel/framework/src/Illuminate/Auth/Console/WQGF0STCO67VV/dWQGFJDKLSJSTCO67VV/FJLKFJSLKD/__Set/img/	2 KB 2 KB	511ms 258ms	Image image/png	200.58.110.145 Dattatec.com
General Check archive.org Show headers Download Go to Show image Full URL https://gamsanlorenzo.gob.bo/vendor/laravel/framework/src/Illuminate/Auth/Console/WQGF0STCO67VV/dWQGFJDKLSJSTCO67VV/FJLKFJSLKD/__Set/img/iconmenu.png Requested by Host: gamsanlorenzo.gob.bo URL: https://gamsanlorenzo.gob.bo/vendor/laravel/framework/src/Illuminate/Auth/Console/WQGF0STCO67VV/dWQGFJDKLSJSTCO67VV/FJLKFJSLKD/__Gen/Ruwb63.php?verification Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 200.58.110.145 Rosario, Argentina, ASN27823 (Dattatec.com, AR), Reverse DNS india.dattaweb.com Software Apache / Resource Hash `8efb0ac33a02d6656707a7e5f914895510169575d792a2eff173747ba1134139` Request headers accept-language de-DE,de;q=0.9 Referer https://gamsanlorenzo.gob.bo/vendor/laravel/framework/src/Illuminate/Auth/Console/WQGF0STCO67VV/dWQGFJDKLSJSTCO67VV/FJLKFJSLKD/__Gen/Ruwb63.php?verification User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers Date Fri, 21 Apr 2023 14:36:46 GMT Last-Modified Thu, 27 May 2021 22:50:12 GMT Server Apache ETag "6c8-5c35794f1d100" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=10, max=195 Content-Length 1736
GET H/1.1	200 OK	menu-es.png gamsanlorenzo.gob.bo/vendor/laravel/framework/src/Illuminate/Auth/Console/WQGF0STCO67VV/dWQGFJDKLSJSTCO67VV/FJLKFJSLKD/__Set/img/	5 KB 5 KB	508ms 253ms	Image image/png	200.58.110.145 Dattatec.com
General Check archive.org Show headers Download Go to Show image Full URL https://gamsanlorenzo.gob.bo/vendor/laravel/framework/src/Illuminate/Auth/Console/WQGF0STCO67VV/dWQGFJDKLSJSTCO67VV/FJLKFJSLKD/__Set/img/menu-es.png Requested by Host: gamsanlorenzo.gob.bo URL: https://gamsanlorenzo.gob.bo/vendor/laravel/framework/src/Illuminate/Auth/Console/WQGF0STCO67VV/dWQGFJDKLSJSTCO67VV/FJLKFJSLKD/__Gen/Ruwb63.php?verification Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 200.58.110.145 Rosario, Argentina, ASN27823 (Dattatec.com, AR), Reverse DNS india.dattaweb.com Software Apache / Resource Hash `0603b79d91187dc7d03a72b9b037d2fdc75a16f33b8ed7d74bfd5a2a6563f068` Request headers accept-language de-DE,de;q=0.9 Referer https://gamsanlorenzo.gob.bo/vendor/laravel/framework/src/Illuminate/Auth/Console/WQGF0STCO67VV/dWQGFJDKLSJSTCO67VV/FJLKFJSLKD/__Gen/Ruwb63.php?verification User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers Date Fri, 21 Apr 2023 14:36:46 GMT Last-Modified Thu, 27 May 2021 22:50:12 GMT Server Apache ETag "1425-5c35794f1d100" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=10, max=198 Content-Length 5157
GET H/1.1	200 OK	cnx-es.png gamsanlorenzo.gob.bo/vendor/laravel/framework/src/Illuminate/Auth/Console/WQGF0STCO67VV/dWQGFJDKLSJSTCO67VV/FJLKFJSLKD/__Set/img/	3 KB 4 KB	484ms 250ms	Image image/png	200.58.110.145 Dattatec.com
General Check archive.org Show headers Download Go to Show image Full URL https://gamsanlorenzo.gob.bo/vendor/laravel/framework/src/Illuminate/Auth/Console/WQGF0STCO67VV/dWQGFJDKLSJSTCO67VV/FJLKFJSLKD/__Set/img/cnx-es.png Requested by Host: gamsanlorenzo.gob.bo URL: https://gamsanlorenzo.gob.bo/vendor/laravel/framework/src/Illuminate/Auth/Console/WQGF0STCO67VV/dWQGFJDKLSJSTCO67VV/FJLKFJSLKD/__Gen/Ruwb63.php?verification Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 200.58.110.145 Rosario, Argentina, ASN27823 (Dattatec.com, AR), Reverse DNS india.dattaweb.com Software Apache / Resource Hash `26fa9d1a5d073c3dd4f3a6de9c484b7a48d7f194a124ace7f512da1b40d3c501` Request headers accept-language de-DE,de;q=0.9 Referer https://gamsanlorenzo.gob.bo/vendor/laravel/framework/src/Illuminate/Auth/Console/WQGF0STCO67VV/dWQGFJDKLSJSTCO67VV/FJLKFJSLKD/__Gen/Ruwb63.php?verification User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers Date Fri, 21 Apr 2023 14:36:46 GMT Last-Modified Thu, 27 May 2021 22:50:12 GMT Server Apache ETag "d2e-5c35794f1d100" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=10, max=198 Content-Length 3374

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: DHL (Transportation)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
bitly.lc/	1970-01-20 11:14:55	Name: XSRF-TOKEN Value: eyJpdiI6IkRcL0tFTVdUSGUwcExScEFieGhCb2VnPT0iLCJ2YWx1ZSI6IjlYZ0t0bkJnMUJFT3hJR0lGTkE5RFNCbFBaQThNbXd5bjVRZDVFaSt6c1Z2dkRtK1Z1VkQ5cWM5SlMyd09DZzhBNjIyQ1JXRGkxRUR0bEpDbTVsZWZMRzV4STVyWWZPajkrcVwvaTcrNm8yOTZCVXlyZFBQR3UzZG9ZbVhKakNJZCIsIm1hYyI6ImM1OTYwOTU2ZDRhYzE4ZmYxMmZjZDI2ZTA5ZDA2Y2Q4YTE5MTk0ODA2YzVkZDhhYTNmODIzZDU0YTg4YTlmMzEifQ%3D%3D
bitly.lc/	1970-01-20 11:14:55	Name: phpshort_session Value: eyJpdiI6InZObTRJMFwvRjYzbVpoSFdXV2QzYkdnPT0iLCJ2YWx1ZSI6Ik5TYW9JeFwvMHBiN005bjZPWjdyc0psSlRycDVBdm14cWhrNjZCa3FhUjFVbEVFNjRSRFJPQTJ5ajI2WmNqR280OHZLcGZcL1BjdnBHUU9PZjRWQmZyMUZwZDZZWUlIajVYTzNwczZ5MmFCUTI4VVVDVTNDZ3dVc2dkaTdtMVE5ekkiLCJtYWMiOiJmYThiYzdjZjNmMmViN2Y1Mzk1MTJlZjI0OWViYTVkMWFmYjA4ZjQzODUwNWVjYjJjNTRiMDhmMDJiZGJmOWFjIn0%3D
bitly.lc/	1970-01-20 20:50:47	Name: dark_mode Value: 0
gamsanlorenzo.gob.bo/	1969-12-31 23:59:59	Name: PHPSESSID Value: b0854f49d0810037ff45baa7ac846d97

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bitly.lc
gamsanlorenzo.gob.bo
200.58.110.145
2606:4700:3034::ac43:c8e6
0603b79d91187dc7d03a72b9b037d2fdc75a16f33b8ed7d74bfd5a2a6563f068
10d868b25541c65592239efbbcf633799a131890a4a91e210feb78633dd0e7e1
26fa9d1a5d073c3dd4f3a6de9c484b7a48d7f194a124ace7f512da1b40d3c501
4a4f34b9d3bf34e65f572dea65d801b5191b35852038edf534b40d0ac5330487
4bede2d8c068266009f18661d160e75144bb88eb2137694a5f94062ffed8a7db
4fb098d894c9efa7d99b635185b9fd0695d37ebd21c5196399c3932250db06ce
5945391a7d98f881adf677ffa17b4a65b9a25753fbec453209a37d1981afaa34
6150a35c0f486c46cadf0e230e2aa159c7c23ecfbb5611b64ee3f25fcbff341f
6c4ba1c662b440b3aefe5e5147ea2df72f80e510e4979c65485a7b0fff894e37
8efb0ac33a02d6656707a7e5f914895510169575d792a2eff173747ba1134139
a8f0fdffeeb4d006671a655e4c3ef22750eedf85aaa76aae9557e72a154dbc36
ca2710a4d588b32ebe0bfb8197aac73c4fe403f080876b2e7738e6781b3ff6cd

gamsanlorenzo.gob.bo Open in urlscan Pro 200.58.110.145 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

12 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

1 IPs

2 Countries

134 kBTransfer

131 kBSize

4 Cookies

0 Outgoing links

Page URL History

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

4 Cookies

Indicators

gamsanlorenzo.gob.bo Open in urlscan Pro
200.58.110.145 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

1
IPs

2
Countries

134 kB
Transfer

131 kB
Size

4
Cookies

12 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!