www.lsqa.com Open in urlscan Pro
179.27.153.25 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://www.lsqa.com/mobile/
Submission: On October 27 via automatic, source phishtank (October 27th 2017, 6:04:02 pm UTC)

Summary HTTP 21 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 21 HTTP transactions. The main IP is 179.27.153.25, located in Montevideo, Uruguay and belongs to Administracion Nacional de Telecomunicaciones, UY. The main domain is www.lsqa.com.

This is the only time www.lsqa.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Banco Bradesco (Banking)

Domain & IP information

	IP Address	AS Autonomous System
20	179.27.153.25 179.27.153.25	6057 (Administr...) (Administracion Nacional de Telecomunicaciones)
1	2a00:1450:400... 2a00:1450:4001:816::200a	15169 (GOOGLE) (GOOGLE - Google Inc.)
21	2

20 179.27.153.25 (Montevideo, Uruguay)

ASN6057 (Administracion Nacional de Telecomunicaciones, UY)
PTR: server109.dinamichosting.com

www.lsqa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:816::200a (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
20	lsqa.com www.lsqa.com	111 KB
1	googleapis.com fonts.googleapis.com	323 B
21	2

	Domain	Requested by
20	www.lsqa.com	www.lsqa.com
1	fonts.googleapis.com	www.lsqa.com
21	2

This site contains no links.

Subject Issuer	Validity	Valid
*.googleapis.com Google Internet Authority G2	`2017-10-17` - `2017-12-29`	2 months	crt.sh

This page contains 3 frames:

Primary Page: http://www.lsqa.com/mobile/
Frame ID: 28398.1
Requests: 6 HTTP requests in this frame

Frame: http://www.lsqa.com/mobile/acesso.php
Frame ID: 28398.2
Requests: 11 HTTP requests in this frame

Frame: http://www.lsqa.com/mobile/iframes/index.php
Frame ID: 28398.3
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Twitter Bootstrap () Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]+bootstrap(?:\.min)?\.css/i
script /(?:twitter\.github\.com\/bootstrap|bootstrap(?:\.js|\.min\.js))/i

Page Statistics

21
Requests

5 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

111 kB
Transfer

457 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
www.lsqa.com/mobile/ 3 KB
1 KB 616ms
322ms Document
text/html 179.27.153.25
Administracion Na...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.lsqa.com/mobile/
Protocol: HTTP/1.1
Server: 179.27.153.25 Montevideo, Uruguay, ASN6057 (Administracion Nacional de Telecomunicaciones, UY),
Reverse DNS: server109.dinamichosting.com
Software: Apache / PHP/5.4.45
Resource Hash: e29cbd2c607cc031f366291d5e34d8a0742bc42c6bf5beb2d70e8ff3b5941b33

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.lsqa.com
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Cache-Control: no-cache
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36

Response headers

Date: Fri, 27 Oct 2017 18:03:44 GMT
Content-Encoding: gzip
Server: Apache
X-Powered-By: PHP/5.4.45
Vary: Accept-Encoding,User-Agent
Content-Type: text/html
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 1159

GET
H/1.1 200
OK bootstrap.min.css
www.lsqa.com/mobile/css/ 118 KB
19 KB 294ms
293ms Stylesheet
text/css 179.27.153.25
Administracion Na...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.lsqa.com/mobile/css/bootstrap.min.css
Requested by: Host: www.lsqa.com
URL: http://www.lsqa.com/mobile/
Protocol: HTTP/1.1
Server: 179.27.153.25 Montevideo, Uruguay, ASN6057 (Administracion Nacional de Telecomunicaciones, UY),
Reverse DNS: server109.dinamichosting.com
Software: Apache /
Resource Hash: c73a339b42752222a5616cc8eac662628a33f49f8f76556710019fb74dbb99b9

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.lsqa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://www.lsqa.com/mobile/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.lsqa.com/mobile/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36

Response headers

Date: Fri, 27 Oct 2017 18:03:44 GMT
Content-Encoding: gzip
Last-Modified: Sat, 07 Oct 2017 09:16:38 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Cache-Control: max-age=31536000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 19767
Expires: Sat, 27 Oct 2018 18:03:44 GMT

GET
H/1.1 200
OK bootstrap-theme.min.css
www.lsqa.com/mobile/css/ 23 KB
3 KB 296ms
295ms Stylesheet
text/css 179.27.153.25
Administracion Na...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.lsqa.com/mobile/css/bootstrap-theme.min.css
Requested by: Host: www.lsqa.com
URL: http://www.lsqa.com/mobile/
Protocol: HTTP/1.1
Server: 179.27.153.25 Montevideo, Uruguay, ASN6057 (Administracion Nacional de Telecomunicaciones, UY),
Reverse DNS: server109.dinamichosting.com
Software: Apache /
Resource Hash: 653e073e97423adda5bc3917a241ee8497dd38a48f14bcde0098a4e54fd0fa5e

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.lsqa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://www.lsqa.com/mobile/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.lsqa.com/mobile/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36

Response headers

Date: Fri, 27 Oct 2017 18:03:44 GMT
Content-Encoding: gzip
Last-Modified: Sat, 07 Oct 2017 09:16:39 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Cache-Control: max-age=31536000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 2776
Expires: Sat, 27 Oct 2018 18:03:44 GMT

GET
H2 200 css
fonts.googleapis.com/ 516 B
323 B 17ms
16ms Stylesheet
text/css 2a00:1450:4001:816::200a
Google Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Advent+Pro:300|Athiti:200

Requested by

Host: www.lsqa.com
URL: http://www.lsqa.com/mobile/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:816::200a , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

ESF /

Resource Hash

9552ba7339dea8b89974d06ac8a1974a181689dac707eccbc595479b015a1486

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /css?family=Advent+Pro:300|Athiti:200
pragma: no-cache
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: fonts.googleapis.com
referer: http://www.lsqa.com/mobile/
:scheme: https
:method: GET
Referer: http://www.lsqa.com/mobile/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36

Response headers

date: Fri, 27 Oct 2017 18:03:49 GMT
content-encoding: gzip
server: ESF
status: 200
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="41,39,38,37,35"
x-xss-protection: 1; mode=block
expires: Fri, 27 Oct 2017 18:03:49 GMT

GET
H/1.1 404
Not Found bootstrap.min.js
www.lsqa.com/mobile/js/ 0
0 502ms
251ms Script
text/html 179.27.153.25
Administracion Na...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.lsqa.com/mobile/js/bootstrap.min.js
Requested by: Host: www.lsqa.com
URL: http://www.lsqa.com/mobile/
Protocol: HTTP/1.1
Server: 179.27.153.25 Montevideo, Uruguay, ASN6057 (Administracion Nacional de Telecomunicaciones, UY),
Reverse DNS: server109.dinamichosting.com
Software: Apache /
Resource Hash

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.lsqa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36
Accept: */*
Referer: http://www.lsqa.com/mobile/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.lsqa.com/mobile/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36

Response headers

Date: Fri, 27 Oct 2017 18:03:44 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 343
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK acesso.php Show response
www.lsqa.com/mobile/ Frame 2839 7 KB
2 KB 324ms
324ms Document
text/html 179.27.153.25
Administracion Na...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.lsqa.com/mobile/acesso.php
Requested by: Host: www.lsqa.com
URL: http://www.lsqa.com/mobile/
Protocol: HTTP/1.1
Server: 179.27.153.25 Montevideo, Uruguay, ASN6057 (Administracion Nacional de Telecomunicaciones, UY),
Reverse DNS: server109.dinamichosting.com
Software: Apache / PHP/5.4.45
Resource Hash: 74fa5756d8479b36ef4699423ca0e2dd4a3f9e7334712909387e12869c3a75f9

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.lsqa.com
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://www.lsqa.com/mobile/
Connection: keep-alive
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
Referer: http://www.lsqa.com/mobile/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36

Response headers

Date: Fri, 27 Oct 2017 18:03:45 GMT
Content-Encoding: gzip
Server: Apache
X-Powered-By: PHP/5.4.45
Vary: Accept-Encoding,User-Agent
Content-Type: text/html
Connection: Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Length: 2115

GET
H/1.1 200
OK glyphicons-halflings-regular.woff2
www.lsqa.com/mobile/fonts/ 18 KB
18 KB 300ms
300ms Font
application/octet-stream 179.27.153.25
Administracion Na...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.lsqa.com/mobile/fonts/glyphicons-halflings-regular.woff2
Requested by: Host: www.lsqa.com
URL: http://www.lsqa.com/mobile/
Protocol: HTTP/1.1
Server: 179.27.153.25 Montevideo, Uruguay, ASN6057 (Administracion Nacional de Telecomunicaciones, UY),
Reverse DNS: server109.dinamichosting.com
Software: Apache /
Resource Hash: fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c

Request headers

Pragma: no-cache
Origin: http://www.lsqa.com
Accept-Encoding: gzip, deflate
Host: www.lsqa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36
Accept: */*
Referer: http://www.lsqa.com/mobile/css/bootstrap.min.css
Connection: keep-alive
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36
Referer: http://www.lsqa.com/mobile/css/bootstrap.min.css
Origin: http://www.lsqa.com

Response headers

Date: Fri, 27 Oct 2017 18:03:45 GMT
Content-Encoding: gzip
Last-Modified: Sat, 07 Oct 2017 09:16:39 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 18030

GET
H/1.1 200
OK bootstrap.min.css
www.lsqa.com/mobile/css/ Frame 2839 118 KB
19 KB 266ms
265ms Stylesheet
text/css 179.27.153.25
Administracion Na...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.lsqa.com/mobile/css/bootstrap.min.css
Requested by: Host: www.lsqa.com
URL: http://www.lsqa.com/mobile/acesso.php
Protocol: HTTP/1.1
Server: 179.27.153.25 Montevideo, Uruguay, ASN6057 (Administracion Nacional de Telecomunicaciones, UY),
Reverse DNS: server109.dinamichosting.com
Software: Apache /
Resource Hash: c73a339b42752222a5616cc8eac662628a33f49f8f76556710019fb74dbb99b9

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.lsqa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://www.lsqa.com/mobile/acesso.php
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.lsqa.com/mobile/acesso.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36

Response headers

Date: Fri, 27 Oct 2017 18:03:45 GMT
Content-Encoding: gzip
Last-Modified: Sat, 07 Oct 2017 09:16:38 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Cache-Control: max-age=31536000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 19767
Expires: Sat, 27 Oct 2018 18:03:45 GMT

GET
H/1.1 200
OK bootstrap-theme.min.css
www.lsqa.com/mobile/css/ Frame 2839 23 KB
3 KB 284ms
283ms Stylesheet
text/css 179.27.153.25
Administracion Na...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.lsqa.com/mobile/css/bootstrap-theme.min.css
Requested by: Host: www.lsqa.com
URL: http://www.lsqa.com/mobile/acesso.php
Protocol: HTTP/1.1
Server: 179.27.153.25 Montevideo, Uruguay, ASN6057 (Administracion Nacional de Telecomunicaciones, UY),
Reverse DNS: server109.dinamichosting.com
Software: Apache /
Resource Hash: 653e073e97423adda5bc3917a241ee8497dd38a48f14bcde0098a4e54fd0fa5e

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.lsqa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://www.lsqa.com/mobile/acesso.php
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.lsqa.com/mobile/acesso.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36

Response headers

Date: Fri, 27 Oct 2017 18:03:45 GMT
Content-Encoding: gzip
Last-Modified: Sat, 07 Oct 2017 09:16:39 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Cache-Control: max-age=31536000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 2776
Expires: Sat, 27 Oct 2018 18:03:45 GMT

GET
H/1.1 200
OK bootstrap.min.js Show response
www.lsqa.com/mobile/scripts/ Frame 2839 36 KB
10 KB 514ms
278ms Script
application/javascript 179.27.153.25
Administracion Na...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.lsqa.com/mobile/scripts/bootstrap.min.js
Requested by: Host: www.lsqa.com
URL: http://www.lsqa.com/mobile/acesso.php
Protocol: HTTP/1.1
Server: 179.27.153.25 Montevideo, Uruguay, ASN6057 (Administracion Nacional de Telecomunicaciones, UY),
Reverse DNS: server109.dinamichosting.com
Software: Apache /
Resource Hash: 36460e494e4c628443afded40b2743b5ede9a4a76fb4f7b9ef2345cc7e59fd64

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.lsqa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36
Accept: */*
Referer: http://www.lsqa.com/mobile/acesso.php
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.lsqa.com/mobile/acesso.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36

Response headers

Date: Fri, 27 Oct 2017 18:03:45 GMT
Content-Encoding: gzip
Last-Modified: Sat, 07 Oct 2017 09:16:40 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=31536000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 9838
Expires: Sat, 27 Oct 2018 18:03:45 GMT

GET
H/1.1 200
OK valida_conta.js Show response
www.lsqa.com/mobile/scripts/ Frame 2839 6 KB
2 KB 513ms
260ms Script
application/javascript 179.27.153.25
Administracion Na...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.lsqa.com/mobile/scripts/valida_conta.js
Requested by: Host: www.lsqa.com
URL: http://www.lsqa.com/mobile/acesso.php
Protocol: HTTP/1.1
Server: 179.27.153.25 Montevideo, Uruguay, ASN6057 (Administracion Nacional de Telecomunicaciones, UY),
Reverse DNS: server109.dinamichosting.com
Software: Apache /
Resource Hash: 6e2f830b3f67f08849e8282448c06c7a68aaa8f9b1a21b425e1975c2fc0bbba2

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.lsqa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36
Accept: */*
Referer: http://www.lsqa.com/mobile/acesso.php
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.lsqa.com/mobile/acesso.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36

Response headers

Date: Fri, 27 Oct 2017 18:03:45 GMT
Content-Encoding: gzip
Last-Modified: Sat, 07 Oct 2017 09:16:40 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=31536000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1960
Expires: Sat, 27 Oct 2018 18:03:45 GMT

GET
H/1.1 200
OK jquery.min.js Show response
www.lsqa.com/mobile/jquery/ Frame 2839 77 KB
27 KB 546ms
289ms Script
application/javascript 179.27.153.25
Administracion Na...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.lsqa.com/mobile/jquery/jquery.min.js
Requested by: Host: www.lsqa.com
URL: http://www.lsqa.com/mobile/acesso.php
Protocol: HTTP/1.1
Server: 179.27.153.25 Montevideo, Uruguay, ASN6057 (Administracion Nacional de Telecomunicaciones, UY),
Reverse DNS: server109.dinamichosting.com
Software: Apache /
Resource Hash: 48d685402b465594e6ec567be7f1cddcedadc9b6721f5eed1ffe7555c15ef0dc

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.lsqa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36
Accept: */*
Referer: http://www.lsqa.com/mobile/acesso.php
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.lsqa.com/mobile/acesso.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36

Response headers

Date: Fri, 27 Oct 2017 18:03:45 GMT
Content-Encoding: gzip
Last-Modified: Sat, 07 Oct 2017 09:16:40 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=31536000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 27183
Expires: Sat, 27 Oct 2018 18:03:45 GMT

GET
H/1.1 200
OK html5placeholder.jquery.js Show response
www.lsqa.com/mobile/jquery/ Frame 2839 3 KB
1 KB 562ms
289ms Script
application/javascript 179.27.153.25
Administracion Na...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.lsqa.com/mobile/jquery/html5placeholder.jquery.js
Requested by: Host: www.lsqa.com
URL: http://www.lsqa.com/mobile/acesso.php
Protocol: HTTP/1.1
Server: 179.27.153.25 Montevideo, Uruguay, ASN6057 (Administracion Nacional de Telecomunicaciones, UY),
Reverse DNS: server109.dinamichosting.com
Software: Apache /
Resource Hash: de300f7f10932aef1a267d625bf5063fbdf9d4a290320aca68217bdf24e7ba97

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.lsqa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36
Accept: */*
Referer: http://www.lsqa.com/mobile/acesso.php
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.lsqa.com/mobile/acesso.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36

Response headers

Date: Fri, 27 Oct 2017 18:03:45 GMT
Content-Encoding: gzip
Last-Modified: Sat, 07 Oct 2017 09:16:39 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=31536000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1328
Expires: Sat, 27 Oct 2018 18:03:45 GMT

GET
H/1.1 200
OK numeros.js Show response
www.lsqa.com/mobile/scripts/ Frame 2839 200 B
152 B 550ms
277ms Script
application/javascript 179.27.153.25
Administracion Na...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.lsqa.com/mobile/scripts/numeros.js
Requested by: Host: www.lsqa.com
URL: http://www.lsqa.com/mobile/acesso.php
Protocol: HTTP/1.1
Server: 179.27.153.25 Montevideo, Uruguay, ASN6057 (Administracion Nacional de Telecomunicaciones, UY),
Reverse DNS: server109.dinamichosting.com
Software: Apache /
Resource Hash: c8d90299d868f5bceff7337be5eccdd053c2e83eb09472e4d62a047925fd55c0

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.lsqa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36
Accept: */*
Referer: http://www.lsqa.com/mobile/acesso.php
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.lsqa.com/mobile/acesso.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36

Response headers

Date: Fri, 27 Oct 2017 18:03:45 GMT
Content-Encoding: gzip
Last-Modified: Sat, 07 Oct 2017 09:16:40 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=31536000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 152
Expires: Sat, 27 Oct 2018 18:03:45 GMT

GET
H/1.1 200
OK index.php Show response
www.lsqa.com/mobile/iframes/ Frame 2839 1 KB
664 B 350ms
350ms Document
text/html 179.27.153.25
Administracion Na...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.lsqa.com/mobile/iframes/index.php
Requested by: Host: www.lsqa.com
URL: http://www.lsqa.com/mobile/acesso.php
Protocol: HTTP/1.1
Server: 179.27.153.25 Montevideo, Uruguay, ASN6057 (Administracion Nacional de Telecomunicaciones, UY),
Reverse DNS: server109.dinamichosting.com
Software: Apache / PHP/5.4.45
Resource Hash: 273ffd0dd13c67ddcb6ae6da052ff89031a94c28c2975477fb3978d83f9535c9

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.lsqa.com
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://www.lsqa.com/mobile/acesso.php
Connection: keep-alive
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
Referer: http://www.lsqa.com/mobile/acesso.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36

Response headers

Date: Fri, 27 Oct 2017 18:03:46 GMT
Content-Encoding: gzip
Server: Apache
X-Powered-By: PHP/5.4.45
Vary: Accept-Encoding,User-Agent
Content-Type: text/html
Connection: Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 664

GET
H/1.1 200
OK glyphicons-halflings-regular.woff2
www.lsqa.com/mobile/fonts/ Frame 2839 18 KB
0 300ms
300ms Font
application/octet-stream 179.27.153.25
Administracion Na...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.lsqa.com/mobile/fonts/glyphicons-halflings-regular.woff2
Requested by: Host: www.lsqa.com
URL: http://www.lsqa.com/mobile/jquery/jquery.min.js
Protocol: HTTP/1.1
Server: 179.27.153.25 Montevideo, Uruguay, ASN6057 (Administracion Nacional de Telecomunicaciones, UY),
Reverse DNS: server109.dinamichosting.com
Software: Apache /
Resource Hash: fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c

Request headers

Pragma: no-cache
Origin: http://www.lsqa.com
Accept-Encoding: gzip, deflate
Host: www.lsqa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36
Accept: */*
Referer: http://www.lsqa.com/mobile/css/bootstrap.min.css
Connection: keep-alive
Cache-Control: no-cache

Response headers

Date: Fri, 27 Oct 2017 18:03:45 GMT
Content-Encoding: gzip
Last-Modified: Sat, 07 Oct 2017 09:16:39 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 18030

GET
H/1.1 200
OK 8951.jpg
www.lsqa.com/mobile/images/ Frame 2839 403 B
403 B 283ms
283ms Image
image/jpeg 179.27.153.25
Administracion Na...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.lsqa.com/mobile/images/8951.jpg
Requested by: Host: www.lsqa.com
URL: http://www.lsqa.com/mobile/jquery/jquery.min.js
Protocol: HTTP/1.1
Server: 179.27.153.25 Montevideo, Uruguay, ASN6057 (Administracion Nacional de Telecomunicaciones, UY),
Reverse DNS: server109.dinamichosting.com
Software: Apache /
Resource Hash: 1c7b084f91de115eee04ad34232b5ac09fae7a66a33d5761f9d0879e4dba43ee

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.lsqa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://www.lsqa.com/mobile/acesso.php
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.lsqa.com/mobile/acesso.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36

Response headers

Date: Fri, 27 Oct 2017 18:03:46 GMT
Last-Modified: Sat, 07 Oct 2017 09:16:39 GMT
Server: Apache
Content-Type: image/jpeg
Cache-Control: max-age=31536000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 403
Expires: Sat, 27 Oct 2018 18:03:46 GMT

GET
H/1.1 200
OK 4568.jpg
www.lsqa.com/mobile/images/ Frame 2839 5 KB
5 KB 261ms
261ms Image
image/jpeg 179.27.153.25
Administracion Na...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.lsqa.com/mobile/images/4568.jpg
Requested by: Host: www.lsqa.com
URL: http://www.lsqa.com/mobile/jquery/jquery.min.js
Protocol: HTTP/1.1
Server: 179.27.153.25 Montevideo, Uruguay, ASN6057 (Administracion Nacional de Telecomunicaciones, UY),
Reverse DNS: server109.dinamichosting.com
Software: Apache /
Resource Hash: cc788d3fcbf31d5ccf53d50b147658f6e7b16b67c4d69490b745c0e31913e375

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.lsqa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://www.lsqa.com/mobile/acesso.php
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.lsqa.com/mobile/acesso.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36

Response headers

Date: Fri, 27 Oct 2017 18:03:46 GMT
Last-Modified: Sat, 07 Oct 2017 09:16:39 GMT
Server: Apache
Content-Type: image/jpeg
Cache-Control: max-age=31536000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 5437
Expires: Sat, 27 Oct 2018 18:03:46 GMT

GET
H/1.1 404
Not Found bootstrap.min.css
www.lsqa.com/mobile/bootstrap/css/ Frame 2839 0
0 256ms
255ms Stylesheet
text/html 179.27.153.25
Administracion Na...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.lsqa.com/mobile/bootstrap/css/bootstrap.min.css
Requested by: Host: www.lsqa.com
URL: http://www.lsqa.com/mobile/iframes/index.php
Protocol: HTTP/1.1
Server: 179.27.153.25 Montevideo, Uruguay, ASN6057 (Administracion Nacional de Telecomunicaciones, UY),
Reverse DNS: server109.dinamichosting.com
Software: Apache /
Resource Hash

Request headers

Pragma: no-cache
Origin: http://www.lsqa.com
Accept-Encoding: gzip, deflate
Host: www.lsqa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://www.lsqa.com/mobile/iframes/index.php
Connection: keep-alive
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36
Referer: http://www.lsqa.com/mobile/iframes/index.php
Origin: http://www.lsqa.com

Response headers

Date: Fri, 27 Oct 2017 18:03:46 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Length: 355
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found bootstrap-theme.min.css
www.lsqa.com/mobile/bootstrap/css/ Frame 2839 0
0 271ms
271ms Stylesheet
text/html 179.27.153.25
Administracion Na...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.lsqa.com/mobile/bootstrap/css/bootstrap-theme.min.css
Requested by: Host: www.lsqa.com
URL: http://www.lsqa.com/mobile/iframes/index.php
Protocol: HTTP/1.1
Server: 179.27.153.25 Montevideo, Uruguay, ASN6057 (Administracion Nacional de Telecomunicaciones, UY),
Reverse DNS: server109.dinamichosting.com
Software: Apache /
Resource Hash

Request headers

Pragma: no-cache
Origin: http://www.lsqa.com
Accept-Encoding: gzip, deflate
Host: www.lsqa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://www.lsqa.com/mobile/iframes/index.php
Connection: keep-alive
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36
Referer: http://www.lsqa.com/mobile/iframes/index.php
Origin: http://www.lsqa.com

Response headers

Date: Fri, 27 Oct 2017 18:03:46 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Length: 361
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found bootstrap.min.js
www.lsqa.com/mobile/bootstrap/js/ Frame 2839 0
0 257ms
257ms Script
text/html 179.27.153.25
Administracion Na...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.lsqa.com/mobile/bootstrap/js/bootstrap.min.js
Requested by: Host: www.lsqa.com
URL: http://www.lsqa.com/mobile/iframes/index.php
Protocol: HTTP/1.1
Server: 179.27.153.25 Montevideo, Uruguay, ASN6057 (Administracion Nacional de Telecomunicaciones, UY),
Reverse DNS: server109.dinamichosting.com
Software: Apache /
Resource Hash

Request headers

Pragma: no-cache
Origin: http://www.lsqa.com
Accept-Encoding: gzip, deflate
Host: www.lsqa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36
Accept: */*
Referer: http://www.lsqa.com/mobile/iframes/index.php
Connection: keep-alive
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36
Referer: http://www.lsqa.com/mobile/iframes/index.php
Origin: http://www.lsqa.com

Response headers

Date: Fri, 27 Oct 2017 18:03:46 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=94
Content-Length: 353
Content-Type: text/html; charset=iso-8859-1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banco Bradesco (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
www.lsqa.com
179.27.153.25
2a00:1450:4001:816::200a
1c7b084f91de115eee04ad34232b5ac09fae7a66a33d5761f9d0879e4dba43ee
273ffd0dd13c67ddcb6ae6da052ff89031a94c28c2975477fb3978d83f9535c9
36460e494e4c628443afded40b2743b5ede9a4a76fb4f7b9ef2345cc7e59fd64
48d685402b465594e6ec567be7f1cddcedadc9b6721f5eed1ffe7555c15ef0dc
653e073e97423adda5bc3917a241ee8497dd38a48f14bcde0098a4e54fd0fa5e
6e2f830b3f67f08849e8282448c06c7a68aaa8f9b1a21b425e1975c2fc0bbba2
74fa5756d8479b36ef4699423ca0e2dd4a3f9e7334712909387e12869c3a75f9
9552ba7339dea8b89974d06ac8a1974a181689dac707eccbc595479b015a1486
c73a339b42752222a5616cc8eac662628a33f49f8f76556710019fb74dbb99b9
c8d90299d868f5bceff7337be5eccdd053c2e83eb09472e4d62a047925fd55c0
cc788d3fcbf31d5ccf53d50b147658f6e7b16b67c4d69490b745c0e31913e375
de300f7f10932aef1a267d625bf5063fbdf9d4a290320aca68217bdf24e7ba97
e29cbd2c607cc031f366291d5e34d8a0742bc42c6bf5beb2d70e8ff3b5941b33
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c

www.lsqa.com Open in urlscan Pro 179.27.153.25 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

21 Requests

5 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

111 kBTransfer

457 kBSize

0 Cookies

0 Outgoing links

Redirected requests

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Indicators

www.lsqa.com Open in urlscan Pro
179.27.153.25 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

21
Requests

5 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

111 kB
Transfer

457 kB
Size

0
Cookies

21 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!