Overview

URL: lensively.com/microsoft-help/criticalsecurity-24x7-helpline/
IP: 72.52.175.122
ASN: AS32244 Liquid Web, Inc.
Location: United States
Report completed: 2018-10-15 23:44:44 CEST
urlQuery Alerts: Scam / Cryptowall detected


Settings

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro
Timestamp | Severity | Source IP | Destination IP | Alert
2018-10-15 23:44:09 CEST | 2 | 72.52.175.122 | Client IP | ET CURRENT_EVENTS Microsoft Tech Support Phone Scam Landing 2018-09-12
2018-10-15 23:44:09 CEST | 1 | 72.52.175.122 | Client IP | ET CURRENT_EVENTS Microsoft Tech Support Phone Scam M2 Jul 07 2017
2018-10-15 23:44:14 CEST | 1 | 72.52.175.122 | Client IP | ET CURRENT_EVENTS Tech Support Phone Scam Landing M1 Oct 16 2016
2018-10-15 23:44:09 CEST | 1 | 72.52.175.122 | Client IP | ET CURRENT_EVENTS Tech Support Phone Scam Landing Feb 09 2017


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter  No alerts detected
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 72.52.175.122

Date | UQ / IDS / BL | URL | IP
2018-11-12 22:24:06 +0100 | 1 - 3 - 4 | blueprivals.com/secure-me/live/firiedgex | 72.52.175.122
2018-11-12 14:27:24 +0100 | 0 - 0 - 5 | https://outsideriver.com/live/ | 72.52.175.122
2018-11-10 07:43:01 +0100 | 1 - 0 - 3 | https://bladelphing.com/secure-me/live/ | 72.52.175.122
2018-11-10 04:11:41 +0100 | 0 - 0 - 1 | industrained.com/microsoft-help/secure-me | 72.52.175.122
2018-11-05 14:37:09 +0100 | 1 - 0 - 5 | prosperexams.com/secure-me-24x7/criticalsecur (...) | 72.52.175.122
2018-11-05 13:54:08 +0100 | 0 - 0 - 2 | https://daystales.com/wp-admin/css/colors/ect (...) | 72.52.175.122
2018-11-05 12:04:38 +0100 | 1 - 0 - 4 | https://proporous.com/secure-me/live/firiedgex | 72.52.175.122
2018-11-01 18:38:40 +0100 | 0 - 0 - 1 | teethose.com/secure-me/live/firiedgex/index.html | 72.52.175.122
2018-11-01 18:34:39 +0100 | 0 - 0 - 2 | prosperexams.com/ | 72.52.175.122
2018-10-31 06:59:24 +0100 | 1 - 0 - 0 | jeopatros.com/secure-today/24x7 | 72.52.175.122

Last 10 reports on ASN: AS32244 Liquid Web, Inc.

Date | UQ / IDS / BL | URL | IP
2018-11-14 10:46:44 +0100 | 0 - 0 - 1 | naturally-stop-acid-reflux.com/order.html?sou (...) | 69.16.236.116
2018-11-14 09:11:55 +0100 | 0 - 0 - 32 | spicesindia.co.in/ | 64.91.231.199
2018-11-14 08:50:50 +0100 | 0 - 0 - 0 | okarta.net | 67.227.226.240
2018-11-14 06:09:02 +0100 | 0 - 0 - 0 | alladim.biz | 67.227.226.240
2018-11-14 03:33:37 +0100 | 0 - 2 - 4 | www.excelengineeringbd.com/qihwd/77352DUG/com/US | 67.225.182.250
2018-11-14 02:41:04 +0100 | 0 - 1 - 0 | https://ebay.uk-9368de39251d7a-login.id-107sb (...) | 67.225.200.83
2018-11-14 02:24:12 +0100 | 0 - 0 - 25 | mgtgift.com/index.php/catalogsearch/advanced | 69.167.174.79
2018-11-14 00:25:46 +0100 | 0 - 0 - 0 | https://www.faspsych.com/ | 67.227.164.68
2018-11-13 23:50:42 +0100 | 0 - 0 - 0 | click-cpa.net/out?zoneId=1487449&sId=622399 | 72.52.179.175
2018-11-13 23:46:02 +0100 | 0 - 0 - 0 | licensurelink.com | 69.16.239.96

No other reports on domain: lensively.com



JavaScript

Executed Scripts (11)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (24)


Request Response
                                        
Request:
GET /microsoft-help/criticalsecurity-24x7-helpline/ HTTP/1.1
Host: lensively.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
Response (server 72.52.175.122):
HTTP/1.1 200 OK
Content-Type: text/html
Date: Mon, 15 Oct 2018 21:44:08 GMT
Server: Apache
Cache-Control: max-age=600
Expires: Mon, 15 Oct 2018 21:54:08 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 8466
Keep-Alive: timeout=2, max=500
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   8466
Md5:    da6ae1833a230b0f356ca4d95ad42a90
Sha1:   d7f2156955d099e813f33538392dcb21602a4c0c
Sha256: db408e6e656d38aa60c906f3f46415d750ef27dde31453818993de0c4e2f8928

Alerts:
  IDS:
    - ET CURRENT_EVENTS Microsoft Tech Support Phone Scam Landing 2018-09-12
    - ET CURRENT_EVENTS Microsoft Tech Support Phone Scam M2 Jul 07 2017
    - ET CURRENT_EVENTS Tech Support Phone Scam Landing Feb 09 2017
                                        
Request:
GET /jquery-3.3.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://lensively.com/microsoft-help/criticalsecurity-24x7-helpline/

                                         
Response (server 205.185.208.52):
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Date: Mon, 15 Oct 2018 21:44:09 GMT
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 30288
Last-Modified: Sat, 20 Jan 2018 17:26:44 GMT
Server: nginx
Etag: W/"5a637bd4-1538f"
Cache-Control: max-age=315360000
Access-Control-Allow-Origin: *
Vary: Accept-Encoding
X-HW: 1539639849.dop001.sk1.t,1539639849.cds008.sk1.c


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   30288
Md5:    d549b312f7a7d228b4ec229a6547dfdc
Sha1:   0766794582ad530ec0f8c2595f741086afffa312
Sha256: f6488b2915e0ceee723f4320492511d46c6ba1860d5975d085e6da8913f55f44
                                        
Request:
POST / HTTP/1.1
Host: ocsp.comodoca.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
Response (server 91.135.34.16):
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: Apache
Last-Modified: Fri, 12 Oct 2018 03:41:56 GMT
Etag: DBCE86310FBDBE84AB9DFFB0023665D3082FB8ED
X-OCSP-Responder-ID: rmdccaocsp23
Content-Length: 471
Cache-Control: public, no-transform, must-revalidate, max-age=280020
Expires: Fri, 19 Oct 2018 03:31:09 GMT
Date: Mon, 15 Oct 2018 21:44:09 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   471
Md5:    69410166a8ef39e599d02d83788265bd
Sha1:   dbce86310fbdbe84ab9dffb0023665d3082fb8ed
Sha256: a4245b6d46a2790ef835704b2e13aae90ce473f19c13fb79434d21733e3132a8
                                        
Request:
POST / HTTP/1.1
Host: ocsp.comodoca.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
Response (server 91.135.34.16):
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: Apache
Last-Modified: Thu, 11 Oct 2018 21:27:34 GMT
Etag: BA2A0C5A3629F380D127C893536222262AFA5472
X-OCSP-Responder-ID: rmdccaocsp21
Content-Length: 727
Cache-Control: public, no-transform, must-revalidate, max-age=257608
Expires: Thu, 18 Oct 2018 21:17:37 GMT
Date: Mon, 15 Oct 2018 21:44:09 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   727
Md5:    7fd8169768dbdf6a611cdb5e79665e87
Sha1:   ba2a0c5a3629f380d127c893536222262afa5472
Sha256: 6c3e146f02f7f8f3fb86c95aab3329381d0f56163ddff934c721accda8a18628
                                        
Request:
GET /microsoft-help/criticalsecurity-24x7-helpline/css/style.css HTTP/1.1
Host: lensively.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://lensively.com/microsoft-help/criticalsecurity-24x7-helpline/

                                         
Response (server 72.52.175.122):
HTTP/1.1 200 OK
Content-Type: text/css
Date: Mon, 15 Oct 2018 21:44:09 GMT
Server: Apache
Last-Modified: Tue, 24 Jul 2018 08:42:10 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Wed, 14 Nov 2018 21:44:09 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 1297
Keep-Alive: timeout=2, max=499
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1297
Md5:    f18bf0464a2e4ccd7f657358fa025450
Sha1:   886e24d3bb822176130ef438cf8e807f9dbfbe53
Sha256: 95055234a924dca34ec00cc3f770ffd0f4e2af2817d3c42a1908c5a0f7eda9f3
                                        
Request:
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
Response (server 91.135.34.19):
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: Apache
Last-Modified: Thu, 11 Oct 2018 21:27:34 GMT
Etag: E8581583C2803974EDDB983E5584CDB37B4F9E14
X-OCSP-Responder-ID: rmdccaocsp26
Content-Length: 471
Cache-Control: public, no-transform, must-revalidate, max-age=257566
Expires: Thu, 18 Oct 2018 21:16:55 GMT
Date: Mon, 15 Oct 2018 21:44:09 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   471
Md5:    5e712a8f20f0ae131a32a41f82c55b67
Sha1:   e8581583c2803974eddb983e5584cdb37b4f9e14
Sha256: 65e0f33f70b334d388d92507b68dacbf8b7390892e3cb264962501c2836b9e79
                                        
Request:
POST / HTTP/1.1
Host: ocsp.int-x3.letsencrypt.org
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 117
Content-Type: application/ocsp-request

                                         
Response (server 91.135.34.91):
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 527
Etag: "6563A9B33DE73E936095CF98651C7D572873968EDF2AC474EBAFD4B5EE0D1BD3"
Last-Modified: Sat, 13 Oct 2018 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17953
Expires: Tue, 16 Oct 2018 02:43:23 GMT
Date: Mon, 15 Oct 2018 21:44:10 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   527
Md5:    411ae70644a2b3505c5e08e094703ab4
Sha1:   7d5d0b10e7856a7e652dd9eacf5fd2bf8fc46958
Sha256: 6563a9b33de73e936095cf98651c7d572873968edf2ac474ebafd4b5ee0d1bd3
                                        
Request:
POST / HTTP/1.1
Host: isrg.trustid.ocsp.identrust.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
Response (server 91.135.34.113):
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Transfer-Encoding: Binary
Last-Modified: Fri, 12 Oct 2018 21:57:15 GMT
Etag: "0ad73d07f0e753995827041b98e44c7651a0f7fd"
Content-Length: 1396
Cache-Control: public, no-transform, must-revalidate, max-age=12887
Expires: Tue, 16 Oct 2018 01:18:57 GMT
Date: Mon, 15 Oct 2018 21:44:10 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1396
Md5:    94f92080d4e35525903f52685b6dadba
Sha1:   0ad73d07f0e753995827041b98e44c7651a0f7fd
Sha256: 6bcfa3e73b9266d928a7cc23911b3fa7afec690f48b38bc29dbb9fcbeb8c8a62
                                        
Request:
GET /bootstrap/3.3.7/css/bootstrap.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://lensively.com/microsoft-help/criticalsecurity-24x7-helpline/

                                         
Response (server 209.197.3.15):
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Date: Mon, 15 Oct 2018 21:44:10 GMT
Connection: Keep-Alive
Accept-Ranges: bytes
Etag: "1519106275"
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Length: 19740
Last-Modified: Tue, 20 Feb 2018 05:57:55 GMT
X-Hello-Human: Say hello back! @getBootstrapCDN on Twitter
Access-Control-Allow-Origin: *
Vary: Accept-Encoding
X-Cache: HIT


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   19740
Md5:    79c26a3bec8c8195107cb0e69f211ea6
Sha1:   084edec110715186ed997205a4dc3db1c81f56e5
Sha256: 729259be1acde44ee426a5c1acde0512b16e534fdecfb022feebc7334c969029
                                        
Request:
GET /microsoft-help/criticalsecurity-24x7-helpline/images/favicon.ico HTTP/1.1
Host: lensively.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
Response (server 72.52.175.122):
HTTP/1.1 200 OK
Content-Type: image/x-icon
Date: Mon, 15 Oct 2018 21:44:09 GMT
Server: Apache
Last-Modified: Tue, 24 Jul 2018 08:41:36 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Wed, 14 Nov 2018 21:44:09 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 540
Keep-Alive: timeout=2, max=500
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   540
Md5:    70ac134d2e608ee150766b64494a192d
Sha1:   9b4345d6d66ba37ab058ed4ee606ff3558a93c98
Sha256: f66a34884b26b0351a4f1880756efb1389ee675e3ab8e024bfbe7de0d81fb617
                                        
Request:
GET /microsoft-help/criticalsecurity-24x7-helpline/js/script.js HTTP/1.1
Host: lensively.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://lensively.com/microsoft-help/criticalsecurity-24x7-helpline/

                                         
Response (server 72.52.175.122):
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Mon, 15 Oct 2018 21:44:09 GMT
Server: Apache
Last-Modified: Sun, 29 Jul 2018 09:33:12 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Wed, 14 Nov 2018 21:44:09 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 2219
Keep-Alive: timeout=2, max=500
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   2219
Md5:    d6949194968aec30c8911150067175f4
Sha1:   6feee6125a9d6112bb8352a8bd4079076553c025
Sha256: 55bcfb71e0088ff5365fec298656604117cdef9237a409c237a68d8db93eb70e
                                        
Request:
GET /microsoft-help/criticalsecurity-24x7-helpline/images/support.svg HTTP/1.1
Host: lensively.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://lensively.com/microsoft-help/criticalsecurity-24x7-helpline/

                                         
Response (server 72.52.175.122):
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Date: Mon, 15 Oct 2018 21:44:09 GMT
Server: Apache
Last-Modified: Tue, 24 Jul 2018 08:42:12 GMT
Accept-Ranges: bytes
Cache-Control: max-age=172800
Expires: Wed, 17 Oct 2018 21:44:09 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 4906
Keep-Alive: timeout=2, max=500
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   4906
Md5:    67c7091228017b4af42d7b6f72d228ea
Sha1:   6d90580ec6023d31cb2ee6bfe4615eaa3e188642
Sha256: db4df2712a4c59bbfeb0b5b0ace6820465642ad066b99bd64cb1189ae29e37b9
                                        
Request:
POST /GTSGIAG3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
Response (server 172.217.22.174):
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 15 Oct 2018 21:44:10 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    2bd4f7fbf723a3ecc8ae4f9c43262e42
Sha1:   2313111e71456e181a7b16cb4195853eb8e78fae
Sha256: 11aad883c08d69fc10d641d18e8f757aab72c478e7c46ee19ab1cabc3f28ed50
                                        
Request:
POST /gsr2 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 112
Content-Type: application/ocsp-request

                                         
Response (server 172.217.22.174):
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 15 Oct 2018 21:44:10 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 468
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   468
Md5:    d9d754520ae3340aa37cca6115eee05b
Sha1:   a0320372760d99c762cb2eb4b37f776625ef1b33
Sha256: 7dc8284c51c9a38dc1bf03bd28857ea5336e8f5c564eddbb1c9082ee43c93738
                                        
Request:
GET /microsoft-help/criticalsecurity-24x7-helpline/images/335158-windows-8-window.png HTTP/1.1
Host: lensively.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://lensively.com/microsoft-help/criticalsecurity-24x7-helpline/

                                         
Response (server 72.52.175.122):
HTTP/1.1 200 OK
Content-Type: image/png
Date: Mon, 15 Oct 2018 21:44:09 GMT
Server: Apache
Last-Modified: Tue, 24 Jul 2018 08:42:24 GMT
Accept-Ranges: bytes
Content-Length: 28697
Cache-Control: max-age=2592000
Expires: Wed, 14 Nov 2018 21:44:09 GMT
Keep-Alive: timeout=2, max=500
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image, 275 x 275, 8-bit/color RGBA, non-interlaced
Size:   28697
Md5:    2ac90f76ef5c91f3f49e6a74cfc88484
Sha1:   8094fb0bd55d5241d7838fdb9a9681e38ffee5da
Sha256: 312c6606235f1ba63b2141b812fef5398536390a76c85f5ab8bcc35a7aa8737e
                                        
Request:
GET /jquery-3.3.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://lensively.com/microsoft-help/criticalsecurity-24x7-helpline/

                                         
Response (server 205.185.208.52):
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Date: Mon, 15 Oct 2018 21:44:10 GMT
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 30288
Last-Modified: Sat, 20 Jan 2018 17:26:44 GMT
Server: nginx
Etag: W/"5a637bd4-1538f"
Cache-Control: max-age=315360000, public
Access-Control-Allow-Origin: *
Vary: Accept-Encoding
X-HW: 1539639850.dop003.sk1.t,1539639850.cds042.sk1.shn,1539639850.cds042.sk1.c


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   30288
Md5:    d549b312f7a7d228b4ec229a6547dfdc
Sha1:   0766794582ad530ec0f8c2595f741086afffa312
Sha256: f6488b2915e0ceee723f4320492511d46c6ba1860d5975d085e6da8913f55f44
                                        
Request:
POST /GTSGIAG3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
Response (server 172.217.22.174):
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 15 Oct 2018 21:44:10 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    6964921de9c46a89f16419a9d35ced92
Sha1:   394d35cf875b64bd8dc092fdc928765fd10a5a07
Sha256: 719799abdbed0165f4af01be0fb059c8ede14ea0154cba6eed6b35224bed6321
                                        
Request:
GET /bootstrap/3.3.7/css/bootstrap-theme.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://lensively.com/microsoft-help/criticalsecurity-24x7-helpline/

                                         
Response (server 209.197.3.15):
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Date: Mon, 15 Oct 2018 21:44:10 GMT
Connection: Keep-Alive
Accept-Ranges: bytes
Etag: "1519106275"
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Length: 2776
Last-Modified: Tue, 20 Feb 2018 05:57:55 GMT
X-Hello-Human: Say hello back! @getBootstrapCDN on Twitter
Access-Control-Allow-Origin: *
Vary: Accept-Encoding
X-Cache: HIT


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   2776
Md5:    3fc43d95fc8f85f6f228709c2867ad0a
Sha1:   f351c15f7df61be136fa06ca436509bdad2f1404
Sha256: c86a38b2b111019438a4998ac4a4c0e6df726b30456e20eacb5c33b4d4adda8d
                                        
Request:
GET /css?family=Comfortaa:300|Cormorant+Garamond|Cormorant+Infant|Cormorant+SC|Cormorant+Unicase|EB+Garamond|El+Messiri|Forum|Jura|Lobster|Neucha|Open+Sans+Condensed:300|PT+Sans|PT+Sans+Narrow|Philosopher|Playfair+Display+SC|Poiret+One|Ruslan+Display|Russo+One|Ubuntu&subset=cyrillic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://lensively.com/microsoft-help/criticalsecurity-24x7-helpline/css/style.css

                                         
Response (server 216.58.211.10):
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Expires: Mon, 15 Oct 2018 21:44:10 GMT
Date: Mon, 15 Oct 2018 21:44:10 GMT
Cache-Control: private, max-age=86400
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  GRand Unified Bootloader stage2 version 169.86, installed partition 544041362, saved entry 1680464364, identifier 0x1e, LBA flag 0xf1, GRUB version 7\250\302zW\246, configuration file zW\246\012 gzip compressed data, max compression
Size:   1142
Md5:    50c8ab4fe3a5a351082aaadf88a78562
Sha1:   f605d3b24e23f2918c987678c3ddbe44d5a6ea8b
Sha256: 797fd7be7b31d5aace1d1c6b0a94fbf88a1c4efe54506a02a835ef4665c1a6d6
                                        
Request:
GET /gtag/js?id=UA-77152316-11 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://lensively.com/microsoft-help/criticalsecurity-24x7-helpline/

                                         
Response (server 172.217.20.40):
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: http://www.googletagmanager.com
Access-Control-Allow-Headers: Cache-Control
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Mon, 15 Oct 2018 21:44:10 GMT
Expires: Mon, 15 Oct 2018 21:44:10 GMT
Cache-Control: private, max-age=900
Server: Google Tag Manager (scaffolding)
X-XSS-Protection: 1; mode=block
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   29603
Md5:    09ef37b7bd40500d44134267a328b606
Sha1:   c8337392fac547971811bdf6ba882b1417198f6f
Sha256: 95c64bc328c5f7087e83cd76f204eea099fc0641949f034646f8370ef4717127
                                        
Request:
GET /microsoft-help/criticalsecurity-24x7-helpline/images/background.png HTTP/1.1
Host: lensively.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://lensively.com/microsoft-help/criticalsecurity-24x7-helpline/

                                         
Response (server 72.52.175.122):
HTTP/1.1 200 OK
Content-Type: image/png
Date: Mon, 15 Oct 2018 21:44:09 GMT
Server: Apache
Last-Modified: Tue, 24 Jul 2018 08:41:54 GMT
Accept-Ranges: bytes
Content-Length: 42207
Cache-Control: max-age=2592000
Expires: Wed, 14 Nov 2018 21:44:09 GMT
Keep-Alive: timeout=2, max=498
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image, 1349 x 767, 8-bit/color RGB, non-interlaced
Size:   42207
Md5:    4f47794f9c6894ad66d5c2e230aa3642
Sha1:   a8acb5fe2f895d6f43a63bc3a1cc15be148187c7
Sha256: 8a341385e96880052ae350401544af4213cb320a318d4d4c17ea0662f28d135c
                                        
Request:
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://lensively.com/microsoft-help/criticalsecurity-24x7-helpline/

                                         
Response (server 216.58.211.142):
HTTP/1.1 200 OK
Content-Type: text/javascript
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
Timing-Allow-Origin: *
Date: Mon, 15 Oct 2018 20:46:06 GMT
Expires: Mon, 15 Oct 2018 22:46:06 GMT
Last-Modified: Mon, 01 Oct 2018 17:56:18 GMT
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip
Server: Golfe2
Content-Length: 17285
Cache-Control: public, max-age=7200
Age: 3485
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   17285
Md5:    d805ae550cdc9aaa4bae83d67232e6ae
Sha1:   9537cd6a02c7a1ec9e0ac02b31a00b8dbd4230d3
Sha256: 232775139b1bd39d9966db28c8195b1ca5fbf6bcbfb80cc9e72edc45a4409dd3
                                        
POST /j/collect?v=1&_v=j70&a=2011888146&t=pageview&_s=1&dl=http%3A%2F%2Flensively.com%2Fmicrosoft-help%2Fcriticalsecurity-24x7-helpline%2F&ul=en-us&de=UTF-8&dt=Microsoft%20Official%20Support&sd=24-bit&sr=1176x885&vp=1176x754&je=1&fl=10.0%20r45&_u=IEBAAcQAAAAAAC~&jid=352366403&gjid=1487751431&cid=1239599053.1539639852&tid=UA-77152316-11&_gid=178895048.1539639852&_r=1&gtm=ua1&z=1896429861 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Type: text/plain; charset=UTF-8
Referer: http://lensively.com/microsoft-help/criticalsecurity-24x7-helpline/
Content-Length: 0
Origin: http://lensively.com
Pragma: no-cache
Cache-Control: no-cache

                                         
216.58.211.142
HTTP/1.1 200 OK
Content-Type: text/plain
Access-Control-Allow-Origin: http://lensively.com
Date: Mon, 15 Oct 2018 21:44:11 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
Access-Control-Allow-Credentials: true
X-Content-Type-Options: nosniff
Server: Golfe2
Content-Length: 1
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  very short file (no magic)
Size:   1
Md5:    c4ca4238a0b923820dcc509a6f75849b
Sha1:   356a192b7913b04c54574d18c28d46e6395428ab
Sha256: 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
                                        
GET /microsoft-help/criticalsecurity-24x7-helpline/security.php HTTP/1.1
Host: lensively.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://lensively.com/microsoft-help/criticalsecurity-24x7-helpline/
Cookie: _ga=GA1.2.1239599053.1539639852; _gid=GA1.2.178895048.1539639852; _gat_gtag_UA_77152316_11=1

                                         
72.52.175.122
HTTP/1.1 401 Unauthorized
Content-Type: text/html
Date: Mon, 15 Oct 2018 21:44:11 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
WWW-Authenticate: Basic realm="Suspicious activity detected on your IP address due to harmful virus installed in your computer. Call Toll Free now @+1-877-930-6211 for any assistance. Your data is at a serious risk.There is a system file missing due to some harmfull virus Debug malware error, system failure. Please contact technicians to rectify the issue.Please do not open internet browser for your security issue to avoid data corruption on your operating system. Please contact technicians at Tollfree Helpline at @+1-877-930-6211 PLEASE DO NOT SHUT DOWN OR RESTART YOUR COMPUTER, DOING THAT MAY LEAD TO DATA LOSS AND FAILURE OF OPERATING SYSTEM , HENCE NON BOOTABLE SITUATION RESULTING COMPLETE DATA LOSS . CONTACT ADMINISTRATOR DEPARTMENT TO RESOLVE THE ISSUE ON TOLL FREE @+1-877-930-6211 ."
refresh: 0; url=/microsoft-help/criticalsecurity-24x7-helpline/security.php
Set-Cookie: PHPSESSID=km76l7sp1cbrv54ohcqbvi2nd1; path=/
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 95
Keep-Alive: timeout=2, max=499
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   95
Md5:    2ae6785dde7009a0f6653446040762ae
Sha1:   4c0b10a13a5965b085bf041b45a74f8746534cdb
Sha256: 73d678dcad99f0048e5851bf42e2809b72a811ea1c253f32dc34dda275b50897

Alerts:
  urlquery:
    - Scam / Cryptowall detected
  IDS:
    - ET CURRENT_EVENTS Tech Support Phone Scam Landing M1 Oct 16 2016