gamsanlorenzo.gob.bo
Open in
urlscan Pro
200.58.110.145
Malicious Activity!
Public Scan
Effective URL: https://gamsanlorenzo.gob.bo/pe/www/xvx/__Gen/ZyuKsx.php?verification
Submission Tags: falconsandbox
Submission: On April 13 via api from US — Scanned from DE
Summary
TLS certificate: Issued by R3 on March 8th 2023. Valid for: 3 months.
This is the only time gamsanlorenzo.gob.bo was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DHL (Transportation)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 2606:4700:303... 2606:4700:3034::ac43:c8e6 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 13 | 200.58.110.145 200.58.110.145 | 27823 (Dattatec.com) (Dattatec.com) | |
12 | 1 |
ASN27823 (Dattatec.com, AR)
PTR: india.dattaweb.com
gamsanlorenzo.gob.bo |
Apex Domain Subdomains |
Transfer | |
---|---|---|
13 |
gamsanlorenzo.gob.bo
1 redirects
gamsanlorenzo.gob.bo |
133 KB |
1 |
bitly.lc
1 redirects
bitly.lc |
1 KB |
12 | 2 |
Domain | Requested by | |
---|---|---|
13 | gamsanlorenzo.gob.bo |
1 redirects
gamsanlorenzo.gob.bo
|
1 | bitly.lc | 1 redirects |
12 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
gamsanlorenzo.gob.bo R3 |
2023-03-08 - 2023-06-06 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://gamsanlorenzo.gob.bo/pe/www/xvx/__Gen/ZyuKsx.php?verification
Frame ID: AC1E7168F901F916E49549E2803C1910
Requests: 12 HTTP requests in this frame
Screenshot
Page Title
Global Shipping & Logistics ServicesPage URL History Show full URLs
-
https://bitly.lc/ajt4q
HTTP 301
https://gamsanlorenzo.gob.bo/pe/www/xvx/?pwd=pe HTTP 302
https://gamsanlorenzo.gob.bo/pe/www/xvx/__Gen/ZyuKsx.php?verification Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://bitly.lc/ajt4q
HTTP 301
https://gamsanlorenzo.gob.bo/pe/www/xvx/?pwd=pe HTTP 302
https://gamsanlorenzo.gob.bo/pe/www/xvx/__Gen/ZyuKsx.php?verification Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
ZyuKsx.php
gamsanlorenzo.gob.bo/pe/www/xvx/__Gen/ Redirect Chain
|
4 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
csx__.css
gamsanlorenzo.gob.bo/pe/www/xvx/__Set/css/ |
10 KB 10 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-3.5.1.min.js
gamsanlorenzo.gob.bo/pe/www/xvx/__Set/js/ |
87 KB 88 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.payment.min.js
gamsanlorenzo.gob.bo/pe/www/xvx/__Set/js/ |
8 KB 9 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jsx.js
gamsanlorenzo.gob.bo/pe/www/xvx/__Set/js/ |
2 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
lg.png
gamsanlorenzo.gob.bo/pe/www/xvx/__Set/img/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
topmenu-en.png
gamsanlorenzo.gob.bo/pe/www/xvx/__Set/img/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
explor.png
gamsanlorenzo.gob.bo/pe/www/xvx/__Set/img/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
search.png
gamsanlorenzo.gob.bo/pe/www/xvx/__Set/img/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
iconmenu.png
gamsanlorenzo.gob.bo/pe/www/xvx/__Set/img/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
menu-en.png
gamsanlorenzo.gob.bo/pe/www/xvx/__Set/img/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
cnx-en.png
gamsanlorenzo.gob.bo/pe/www/xvx/__Set/img/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: DHL (Transportation)8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless function| $ function| jQuery boolean| isShift string| seperator string| dash function| cc_date function| date_of_birth4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
bitly.lc/ | Name: XSRF-TOKEN Value: eyJpdiI6IjNcL3kxUWR6Y2lWRWNzMDZsbmRyemhBPT0iLCJ2YWx1ZSI6IldGRUxOTStQWVwveUdMckVZS3Y5dkw4dTdQQXRjSE85ek5nSEJJZno4V2txbU1HUFc3czRyalJUMHM5NUdXWGk3WHZvT2R0cWlTMktqU2ZseDNreW5KNmhVbGhTaHhsWVZMemJKZ3Jid29IXC9KWmtyaEpSMDBaKzR0NWRRcUFteE4iLCJtYWMiOiI2ZjA2OGM4OTYwYTU0NDJjNjc3MmRkZGM4NzkwYzAzZjYxZTcxMDQzNWJlNjZkOTQ5OTZkMGM0Yjk1MDc0ZGJiIn0%3D |
|
bitly.lc/ | Name: phpshort_session Value: eyJpdiI6InhEMkRaNWJtdVZsaTJFK1FzeXI5SFE9PSIsInZhbHVlIjoibXNCVkVScXNUWXFrNlM3T1liXC9DQk9CXC9wRTdcL0IyRmdtT0NsS0xIUUUzNis2Z3NWTjN4NFwvSDQ5SDBpZUlDa09oN3kxVzBCWndhczQ5SnFycFhXSVZkY2V2aFpsU1NGTmZlWGhuZndhc0ZLZDdGQ2FmcFMzVEV4YTdTRDB6RkhnIiwibWFjIjoiOGQ1NTE3NmYwNDdjZjNlYjJkYzA4ZDVhZWVkMWMwMzVmNzY5YzBlMWMyODRhN2ZhYThmNTQxNTM2NjIxYTcyMiJ9 |
|
bitly.lc/ | Name: dark_mode Value: 0 |
|
gamsanlorenzo.gob.bo/ | Name: PHPSESSID Value: 4644ff885c5a8118c28ed054546dd463 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
bitly.lc
gamsanlorenzo.gob.bo
200.58.110.145
2606:4700:3034::ac43:c8e6
10d868b25541c65592239efbbcf633799a131890a4a91e210feb78633dd0e7e1
15154faac407e15fe4b58db51516cbda4ef8e3f286352cf3f13d0eac2ac76dec
1b5b864ad1c9ab30e4e8fb0484ef39ce7b8bdce06c1483e7dd5125938b0726a6
4bede2d8c068266009f18661d160e75144bb88eb2137694a5f94062ffed8a7db
5945391a7d98f881adf677ffa17b4a65b9a25753fbec453209a37d1981afaa34
6150a35c0f486c46cadf0e230e2aa159c7c23ecfbb5611b64ee3f25fcbff341f
6c4ba1c662b440b3aefe5e5147ea2df72f80e510e4979c65485a7b0fff894e37
7600e9380ca09620781020a9702f092616727d18cd00fc7b1be95f22c8356040
8efb0ac33a02d6656707a7e5f914895510169575d792a2eff173747ba1134139
94196b1a9dd3e2bf8cffd17ac20b9cb717c9492698041fc45e4310e7833ccfc0
a8f0fdffeeb4d006671a655e4c3ef22750eedf85aaa76aae9557e72a154dbc36
ca2710a4d588b32ebe0bfb8197aac73c4fe403f080876b2e7738e6781b3ff6cd