lonestarwinecellars.com Open in urlscan Pro
104.24.102.219 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.lonestarwinecellars.com/cone/
Effective URL:
http://lonestarwinecellars.com/cone/poow/chaq.php?cmd=login_submit&id=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1...
Submission: On February 05 via manual (February 5th 2018, 7:45:14 pm UTC) from US

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 3 domains to perform 15 HTTP transactions. The main IP is 104.24.102.219, located in San Francisco, United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is lonestarwinecellars.com.

This is the only time lonestarwinecellars.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: DHL (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
2 10	104.24.102.219 104.24.102.219	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	104.24.103.219 104.24.103.219	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	91.198.174.208 91.198.174.208	14907 (WIKIMEDIA) (WIKIMEDIA - Wikimedia Foundation Inc.)
1	137.44.1.7 137.44.1.7	786 (JANET Jis...) (JANET Jisc Services Limited)
15	5

10 104.24.102.219 (San Francisco, United States) 2 redirects

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

www.lonestarwinecellars.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
lonestarwinecellars.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.24.103.219 (San Francisco, United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

lonestarwinecellars.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.198.174.208 (Netherlands)

ASN14907 (WIKIMEDIA - Wikimedia Foundation Inc., US)
PTR: upload-lb.esams.wikimedia.org

upload.wikimedia.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 137.44.1.7 (Swansea, United Kingdom)

ASN786 (JANET Jisc Services Limited, GB)
PTR: web.swan.ac.uk

www.swansea.ac.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	lonestarwinecellars.com 2 redirects www.lonestarwinecellars.com lonestarwinecellars.com	31 KB
1	swansea.ac.uk www.swansea.ac.uk	44 KB
1	wikimedia.org upload.wikimedia.org	14 KB
15	3

	Domain	Requested by
10	lonestarwinecellars.com	1 redirects lonestarwinecellars.com www.lonestarwinecellars.com
2	www.lonestarwinecellars.com	1 redirects
1	www.swansea.ac.uk	lonestarwinecellars.com
1	upload.wikimedia.org	lonestarwinecellars.com
15	4

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://lonestarwinecellars.com/cone/poow/chaq.php?cmd=login_submit&id=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625&session=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625
Frame ID: (6D5986D659ADF0FF4B4E53A2F7A787F2)
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://www.lonestarwinecellars.com/cone/ HTTP 302
http://www.lonestarwinecellars.com/cone/vac.php?cmd=login_submit&id=5fddbd891dab8d4eabef5ccaf4f1e1745fddbd891da... Page URL
http://lonestarwinecellars.com/cone/poow/ HTTP 302
http://lonestarwinecellars.com/cone/poow/chaq.php?cmd=login_submit&id=b85685364f536a267c4ffe8e1bc59625b8568... Page URL

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /cloudflare/i

Twitter Bootstrap () Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]+bootstrap(?:\.min)?\.css/i

Page Statistics

15
Requests

0 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

5
IPs

3
Countries

87 kB
Transfer

192 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.lonestarwinecellars.com/cone/ HTTP 302
http://www.lonestarwinecellars.com/cone/vac.php?cmd=login_submit&id=5fddbd891dab8d4eabef5ccaf4f1e1745fddbd891dab8d4eabef5ccaf4f1e174&session=5fddbd891dab8d4eabef5ccaf4f1e1745fddbd891dab8d4eabef5ccaf4f1e174 Page URL
http://lonestarwinecellars.com/cone/poow/ HTTP 302
http://lonestarwinecellars.com/cone/poow/chaq.php?cmd=login_submit&id=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625&session=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://www.lonestarwinecellars.com/cone/ HTTP 302
http://www.lonestarwinecellars.com/cone/vac.php?cmd=login_submit&id=5fddbd891dab8d4eabef5ccaf4f1e1745fddbd891dab8d4eabef5ccaf4f1e174&session=5fddbd891dab8d4eabef5ccaf4f1e1745fddbd891dab8d4eabef5ccaf4f1e174

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

vac.php Show response
www.lonestarwinecellars.com/cone/
Redirect Chain

http://www.lonestarwinecellars.com/cone/
http://www.lonestarwinecellars.com/cone/vac.php?cmd=login_submit&id=5fddbd891dab8d4eabef5ccaf4f1e1745fddbd891dab8d4eabef5ccaf4f1e174&session=5fddbd891dab8d4eabef5ccaf4f1e1745fddbd891dab8d4eabef5cca...

2 KB
1 KB

188ms
188ms

Document
text/html

104.24.102.219
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://www.lonestarwinecellars.com/cone/vac.php?cmd=login_submit&id=5fddbd891dab8d4eabef5ccaf4f1e1745fddbd891dab8d4eabef5ccaf4f1e174&session=5fddbd891dab8d4eabef5ccaf4f1e1745fddbd891dab8d4eabef5ccaf4f1e174
Protocol: HTTP/1.1
Server: 104.24.102.219 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2e8802ff734ef4aa4dadf34e25efe358e41737793853c4a49f81b1627dc1b605

Request headers

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Connection: keep-alive
Accept-Encoding: gzip, deflate
Cookie: __cfduid=d70519aa63ad57ebdc2cc09a548eabf4a1517859903
Host: www.lonestarwinecellars.com
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Mon, 05 Feb 2018 19:45:04 GMT
Content-Encoding: gzip
Server: cloudflare
Vary: Accept-Encoding
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 3e885e31d05026c0-FRA

Redirect headers

Date: Mon, 05 Feb 2018 19:45:04 GMT
Server: cloudflare
Transfer-Encoding: chunked
Content-Type: text/html
location: vac.php?cmd=login_submit&id=5fddbd891dab8d4eabef5ccaf4f1e1745fddbd891dab8d4eabef5ccaf4f1e174&session=5fddbd891dab8d4eabef5ccaf4f1e1745fddbd891dab8d4eabef5ccaf4f1e174
Set-Cookie: __cfduid=d70519aa63ad57ebdc2cc09a548eabf4a1517859903; expires=Tue, 05-Feb-19 19:45:03 GMT; path=/; domain=.lonestarwinecellars.com; HttpOnly
Connection: keep-alive
CF-RAY: 3e885e2f672526c0-FRA

GET
H/1.1

200
OK

Primary Request chaq.php Show response
lonestarwinecellars.com/cone/poow/
Redirect Chain

http://lonestarwinecellars.com/cone/poow/
http://lonestarwinecellars.com/cone/poow/chaq.php?cmd=login_submit&id=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625&session=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe...

3 KB
2 KB

213ms
212ms

Document
text/html

104.24.102.219
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://lonestarwinecellars.com/cone/poow/chaq.php?cmd=login_submit&id=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625&session=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625
Protocol: HTTP/1.1
Server: 104.24.102.219 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 232b3ff546ad566e3e7e469a1d801f16c98560aab784f30c62ee42be7192c2f5

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: lonestarwinecellars.com
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://www.lonestarwinecellars.com/cone/vac.php?cmd=login_submit&id=5fddbd891dab8d4eabef5ccaf4f1e1745fddbd891dab8d4eabef5ccaf4f1e174&session=5fddbd891dab8d4eabef5ccaf4f1e1745fddbd891dab8d4eabef5ccaf4f1e174
Cookie: __cfduid=d7c56fee2c4cb756082a12700e53439f81517859908
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.lonestarwinecellars.com/cone/vac.php?cmd=login_submit&id=5fddbd891dab8d4eabef5ccaf4f1e1745fddbd891dab8d4eabef5ccaf4f1e174&session=5fddbd891dab8d4eabef5ccaf4f1e1745fddbd891dab8d4eabef5ccaf4f1e174
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Mon, 05 Feb 2018 19:45:09 GMT
Content-Encoding: gzip
Server: cloudflare
Vary: Accept-Encoding
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 3e885e4e61112690-FRA

Redirect headers

Date: Mon, 05 Feb 2018 19:45:08 GMT
Server: cloudflare
Transfer-Encoding: chunked
Content-Type: text/html
location: chaq.php?cmd=login_submit&id=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625&session=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625
Set-Cookie: __cfduid=d7c56fee2c4cb756082a12700e53439f81517859908; expires=Tue, 05-Feb-19 19:45:08 GMT; path=/; domain=.lonestarwinecellars.com; HttpOnly
Connection: keep-alive
CF-RAY: 3e885e4c202b2690-FRA

GET
H/1.1 200
OK font.css
lonestarwinecellars.com/cone/poow/telm_files/ 344 B
607 B 8ms
8ms Stylesheet
text/css 104.24.102.219
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://lonestarwinecellars.com/cone/poow/telm_files/font.css
Requested by: Host: lonestarwinecellars.com
URL: http://lonestarwinecellars.com/cone/poow/chaq.php?cmd=login_submit&id=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625&session=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625
Protocol: HTTP/1.1
Server: 104.24.102.219 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1465719582dcc64aaa178e66adf4a24839f47a7e81428910032328a0fc592922

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: lonestarwinecellars.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://lonestarwinecellars.com/cone/poow/chaq.php?cmd=login_submit&id=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625&session=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625
Cookie: __cfduid=d7c56fee2c4cb756082a12700e53439f81517859908
Connection: keep-alive
Cache-Control: no-cache
Referer: http://lonestarwinecellars.com/cone/poow/chaq.php?cmd=login_submit&id=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625&session=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Mon, 05 Feb 2018 19:45:09 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Cf-Bgj: minify
Server: cloudflare
Etag: W/"1fd-5642154629b00-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: public, max-age=86400
Transfer-Encoding: chunked
Last-Modified: Thu, 01 Feb 2018 07:13:16 GMT
Connection: keep-alive
CF-RAY: 3e885e4fc1a02690-FRA
Expires: Tue, 06 Feb 2018 19:45:09 GMT

GET
H/1.1 200
OK login.css
lonestarwinecellars.com/cone/poow/telm_files/ 4 KB
2 KB 16ms
10ms Stylesheet
text/css 104.24.103.219
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://lonestarwinecellars.com/cone/poow/telm_files/login.css
Requested by: Host: lonestarwinecellars.com
URL: http://lonestarwinecellars.com/cone/poow/chaq.php?cmd=login_submit&id=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625&session=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625
Protocol: HTTP/1.1
Server: 104.24.103.219 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0bc7a162b39a07b813b2d5fbeb7a7a639415e3e5387c27ee5613479b126aafba

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: lonestarwinecellars.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://lonestarwinecellars.com/cone/poow/chaq.php?cmd=login_submit&id=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625&session=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625
Cookie: __cfduid=d7c56fee2c4cb756082a12700e53439f81517859908
Connection: keep-alive
Cache-Control: no-cache
Referer: http://lonestarwinecellars.com/cone/poow/chaq.php?cmd=login_submit&id=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625&session=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Mon, 05 Feb 2018 19:45:09 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Cf-Bgj: minify
Server: cloudflare
Etag: W/"1596-5642154629b00-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: public, max-age=86400
Transfer-Encoding: chunked
Last-Modified: Thu, 01 Feb 2018 07:13:16 GMT
Connection: keep-alive
CF-RAY: 3e885e4fc6f4972c-FRA
Expires: Tue, 06 Feb 2018 19:45:09 GMT

GET
H/1.1 200
OK input.css
lonestarwinecellars.com/cone/poow/telm_files/ 4 KB
1 KB 429ms
423ms Stylesheet
text/css 104.24.103.219
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://lonestarwinecellars.com/cone/poow/telm_files/input.css
Requested by: Host: lonestarwinecellars.com
URL: http://lonestarwinecellars.com/cone/poow/chaq.php?cmd=login_submit&id=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625&session=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625
Protocol: HTTP/1.1
Server: 104.24.103.219 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: f252c7ce325b7bbbcf1a7857ea17ae88766d5e3591e1246beee294c7822a67eb

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: lonestarwinecellars.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://lonestarwinecellars.com/cone/poow/chaq.php?cmd=login_submit&id=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625&session=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625
Cookie: __cfduid=d7c56fee2c4cb756082a12700e53439f81517859908
Connection: keep-alive
Cache-Control: no-cache
Referer: http://lonestarwinecellars.com/cone/poow/chaq.php?cmd=login_submit&id=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625&session=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Mon, 05 Feb 2018 19:45:09 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Cf-Bgj: minify
Server: cloudflare
Etag: W/"12f3-5642154629b00-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: public, max-age=86400
Transfer-Encoding: chunked
Last-Modified: Thu, 01 Feb 2018 07:13:16 GMT
Connection: keep-alive
CF-RAY: 3e885e4fc0459712-FRA
Expires: Tue, 06 Feb 2018 19:45:09 GMT

GET
H/1.1 200
OK stander.css
lonestarwinecellars.com/cone/poow/telm_files/ 338 B
588 B 219ms
213ms Stylesheet
text/css 104.24.102.219
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://lonestarwinecellars.com/cone/poow/telm_files/stander.css
Requested by: Host: lonestarwinecellars.com
URL: http://lonestarwinecellars.com/cone/poow/chaq.php?cmd=login_submit&id=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625&session=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625
Protocol: HTTP/1.1
Server: 104.24.102.219 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 13f81d16cd7761fc6793b627804f036fa1e6d5e13a7d255e1a72b94c9a21353a

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: lonestarwinecellars.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://lonestarwinecellars.com/cone/poow/chaq.php?cmd=login_submit&id=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625&session=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625
Cookie: __cfduid=d7c56fee2c4cb756082a12700e53439f81517859908
Connection: keep-alive
Cache-Control: no-cache
Referer: http://lonestarwinecellars.com/cone/poow/chaq.php?cmd=login_submit&id=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625&session=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Mon, 05 Feb 2018 19:45:09 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Cf-Bgj: minify
Server: cloudflare
Etag: W/"195-5642154629b00-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: public, max-age=86400
Transfer-Encoding: chunked
Last-Modified: Thu, 01 Feb 2018 07:13:16 GMT
Connection: keep-alive
CF-RAY: 3e885e4fc75d63cd-FRA
Expires: Tue, 06 Feb 2018 19:45:09 GMT

GET
H/1.1 200
OK bootstrap.css
lonestarwinecellars.com/cone/poow/telm_files/ 100 KB
17 KB 203ms
197ms Stylesheet
text/css 104.24.102.219
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://lonestarwinecellars.com/cone/poow/telm_files/bootstrap.css
Requested by: Host: lonestarwinecellars.com
URL: http://lonestarwinecellars.com/cone/poow/chaq.php?cmd=login_submit&id=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625&session=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625
Protocol: HTTP/1.1
Server: 104.24.102.219 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3a788cd1f9da1552bb08b7d0735bca829b44c31eb489f1fc215c6e509969887d

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: lonestarwinecellars.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://lonestarwinecellars.com/cone/poow/chaq.php?cmd=login_submit&id=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625&session=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625
Cookie: __cfduid=d7c56fee2c4cb756082a12700e53439f81517859908
Connection: keep-alive
Cache-Control: no-cache
Referer: http://lonestarwinecellars.com/cone/poow/chaq.php?cmd=login_submit&id=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625&session=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Mon, 05 Feb 2018 19:45:09 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Cf-Bgj: minify
Server: cloudflare
Etag: W/"193a8-5642154629b00-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: public, max-age=86400
Transfer-Encoding: chunked
Last-Modified: Thu, 01 Feb 2018 07:13:16 GMT
Connection: keep-alive
CF-RAY: 3e885e4fc7542732-FRA
Expires: Tue, 06 Feb 2018 19:45:09 GMT

GET
H/1.1 200
OK bootstrap-responsive.css
lonestarwinecellars.com/cone/poow/telm_files/ 16 KB
4 KB 15ms
9ms Stylesheet
text/css 104.24.102.219
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://lonestarwinecellars.com/cone/poow/telm_files/bootstrap-responsive.css
Requested by: Host: lonestarwinecellars.com
URL: http://lonestarwinecellars.com/cone/poow/chaq.php?cmd=login_submit&id=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625&session=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625
Protocol: HTTP/1.1
Server: 104.24.102.219 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 451aa235effd1d348d50108f082de3fc4ece3691744264b54e2a6a4ea248f454

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: lonestarwinecellars.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://lonestarwinecellars.com/cone/poow/chaq.php?cmd=login_submit&id=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625&session=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625
Cookie: __cfduid=d7c56fee2c4cb756082a12700e53439f81517859908
Connection: keep-alive
Cache-Control: no-cache
Referer: http://lonestarwinecellars.com/cone/poow/chaq.php?cmd=login_submit&id=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625&session=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Mon, 05 Feb 2018 19:45:09 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Cf-Bgj: minify
Server: cloudflare
Etag: W/"40a9-5642154629b00-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: public, max-age=86400
Transfer-Encoding: chunked
Last-Modified: Thu, 01 Feb 2018 07:13:16 GMT
Connection: keep-alive
CF-RAY: 3e885e4fc45a26c0-FRA
Expires: Tue, 06 Feb 2018 19:45:09 GMT

GET
H/1.1 200
OK bootstrap-select.css
lonestarwinecellars.com/cone/poow/telm_files/ 3 KB
1 KB 15ms
7ms Stylesheet
text/css 104.24.102.219
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://lonestarwinecellars.com/cone/poow/telm_files/bootstrap-select.css
Requested by: Host: lonestarwinecellars.com
URL: http://lonestarwinecellars.com/cone/poow/chaq.php?cmd=login_submit&id=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625&session=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625
Protocol: HTTP/1.1
Server: 104.24.102.219 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: c5cdd2a51e5dd791e1740556f9ec76fa92a79758ee59abdebc6fb3afe40a3dd2

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: lonestarwinecellars.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://lonestarwinecellars.com/cone/poow/chaq.php?cmd=login_submit&id=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625&session=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625
Cookie: __cfduid=d7c56fee2c4cb756082a12700e53439f81517859908
Connection: keep-alive
Cache-Control: no-cache
Referer: http://lonestarwinecellars.com/cone/poow/chaq.php?cmd=login_submit&id=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625&session=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Mon, 05 Feb 2018 19:45:09 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Cf-Bgj: minify
Server: cloudflare
Etag: W/"fb8-5642154629b00-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: public, max-age=86400
Transfer-Encoding: chunked
Last-Modified: Thu, 01 Feb 2018 07:13:16 GMT
Connection: keep-alive
CF-RAY: 3e885e4fc1a62690-FRA
Expires: Tue, 06 Feb 2018 19:45:09 GMT

GET
H/1.1 200
OK responsive.css
lonestarwinecellars.com/cone/poow/telm_files/ 746 B
757 B 24ms
8ms Stylesheet
text/css 104.24.102.219
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://lonestarwinecellars.com/cone/poow/telm_files/responsive.css
Requested by: Host: lonestarwinecellars.com
URL: http://lonestarwinecellars.com/cone/poow/chaq.php?cmd=login_submit&id=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625&session=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625
Protocol: HTTP/1.1
Server: 104.24.102.219 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 42fb699b16211df7812fd089e978554a2a0591741082834ff3327a47626faa36

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: lonestarwinecellars.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://lonestarwinecellars.com/cone/poow/chaq.php?cmd=login_submit&id=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625&session=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625
Cookie: __cfduid=d7c56fee2c4cb756082a12700e53439f81517859908
Connection: keep-alive
Cache-Control: no-cache
Referer: http://lonestarwinecellars.com/cone/poow/chaq.php?cmd=login_submit&id=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625&session=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Mon, 05 Feb 2018 19:45:09 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Cf-Bgj: minify
Server: cloudflare
Etag: W/"3ff-5642154629b00-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: public, max-age=86400
Transfer-Encoding: chunked
Last-Modified: Thu, 01 Feb 2018 07:13:16 GMT
Connection: keep-alive
CF-RAY: 3e885e4fd1aa2690-FRA
Expires: Tue, 06 Feb 2018 19:45:09 GMT

GET
S 200 1024px-DHL_Logo.svg.png
upload.wikimedia.org/wikipedia/commons/thumb/a/ac/DHL_Logo.svg/ 13 KB
14 KB 41ms
12ms Image
image/png 91.198.174.208
Wikimedia Foundat...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://upload.wikimedia.org/wikipedia/commons/thumb/a/ac/DHL_Logo.svg/1024px-DHL_Logo.svg.png

Requested by

Host: lonestarwinecellars.com
URL: http://lonestarwinecellars.com/cone/poow/chaq.php?cmd=login_submit&id=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625&session=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625

Protocol

SPDY

Server

91.198.174.208 , Netherlands, ASN14907 (WIKIMEDIA - Wikimedia Foundation Inc., US),

Reverse DNS

upload-lb.esams.wikimedia.org

Software

Resource Hash

d657f5f4559dc7ca2114aa5c0b19d4da699bbcc7590e497a01f52b9967d4423d

Security Headers

Name	Value
Strict-Transport-Security	max-age=106384710; includeSubDomains; preload

Request headers

Referer: http://lonestarwinecellars.com/cone/poow/chaq.php?cmd=login_submit&id=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625&session=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

x-analytics: https=1;nocookies=1
date: Mon, 05 Feb 2018 19:45:09 GMT
via: 1.1 varnish-v4, 1.1 varnish (Varnish/5.1), 1.1 varnish (Varnish/5.1)
age: 82792
x-cache-status: hit-front
x-cache: cp1062 hit/1, cp3035 hit/4, cp3036 hit/87
status: 200
content-length: 13576
x-trans-id: txbba32eae279647b098901-005a7770db
x-client-ip: 148.251.45.254
x-object-meta-sha1base36: jvkhdt9or7jgp1phkesei9fvrlde55u
timing-allow-origin: *
last-modified: Wed, 30 Oct 2013 16:43:59 GMT
etag: 094bea5c6e7df6836eb8a652dfd52811
strict-transport-security: max-age=106384710; includeSubDomains; preload
x-varnish: 289432899 292799603, 73247574 73927247, 359995124 827134348
access-control-allow-origin: *
x-timestamp: 1383151438.68394
accept-ranges: bytes
content-type: image/png
access-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache, X-Varnish

GET
H/1.1 200
OK office-2.png
www.swansea.ac.uk/it-services/software-enquiry/office-365/ 44 KB
44 KB 47ms
25ms Image
image/png 137.44.1.7
JANET Jisc Servic...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.swansea.ac.uk/it-services/software-enquiry/office-365/office-2.png
Requested by: Host: lonestarwinecellars.com
URL: http://lonestarwinecellars.com/cone/poow/chaq.php?cmd=login_submit&id=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625&session=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625
Protocol: HTTP/1.1
Server: 137.44.1.7 Swansea, United Kingdom, ASN786 (JANET Jisc Services Limited, GB),
Reverse DNS: web.swan.ac.uk
Software: Apache /
Resource Hash: e5dc908c683f9fedd0183d4dc8a844f0c1053575301b069852f17afd4fc082bd

Request headers

Referer: http://lonestarwinecellars.com/cone/poow/chaq.php?cmd=login_submit&id=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625&session=b85685364f536a267c4ffe8e1bc59625b85685364f536a267c4ffe8e1bc59625
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Mon, 05 Feb 2018 19:45:09 GMT
Last-Modified: Thu, 13 Jul 2017 14:20:23 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=4, max=500
Content-Length: 44596

GET loading_ajax.gif
lonestarwinecellars.com/cone/poow/telm_files/ 0
0

GET robot.jpg
lonestarwinecellars.com/cone/img/robot/ 0
0

GET open-sans.light-webfont.woff
lonestarwinecellars.com/cone/poow/font/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: lonestarwinecellars.com
URL: http://lonestarwinecellars.com/cone/poow/telm_files/loading_ajax.gif

Domain: lonestarwinecellars.com
URL: http://lonestarwinecellars.com/cone/img/robot/robot.jpg

Domain: lonestarwinecellars.com
URL: http://lonestarwinecellars.com/cone/poow/font/open-sans.light-webfont.woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: DHL (Transportation)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.lonestarwinecellars.com/	1970-01-18 22:23:15	Name: __cfduid Value: d70519aa63ad57ebdc2cc09a548eabf4a1517859903

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

lonestarwinecellars.com
upload.wikimedia.org
www.lonestarwinecellars.com
www.swansea.ac.uk
lonestarwinecellars.com
104.24.102.219
104.24.103.219
137.44.1.7
91.198.174.208
0bc7a162b39a07b813b2d5fbeb7a7a639415e3e5387c27ee5613479b126aafba
13f81d16cd7761fc6793b627804f036fa1e6d5e13a7d255e1a72b94c9a21353a
1465719582dcc64aaa178e66adf4a24839f47a7e81428910032328a0fc592922
232b3ff546ad566e3e7e469a1d801f16c98560aab784f30c62ee42be7192c2f5
2e8802ff734ef4aa4dadf34e25efe358e41737793853c4a49f81b1627dc1b605
3a788cd1f9da1552bb08b7d0735bca829b44c31eb489f1fc215c6e509969887d
42fb699b16211df7812fd089e978554a2a0591741082834ff3327a47626faa36
451aa235effd1d348d50108f082de3fc4ece3691744264b54e2a6a4ea248f454
c5cdd2a51e5dd791e1740556f9ec76fa92a79758ee59abdebc6fb3afe40a3dd2
d657f5f4559dc7ca2114aa5c0b19d4da699bbcc7590e497a01f52b9967d4423d
e5dc908c683f9fedd0183d4dc8a844f0c1053575301b069852f17afd4fc082bd
f252c7ce325b7bbbcf1a7857ea17ae88766d5e3591e1246beee294c7822a67eb

lonestarwinecellars.com Open in urlscan Pro 104.24.102.219 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

15 Requests

0 %HTTPS

0 %IPv6

3 Domains

4 Subdomains

5 IPs

3 Countries

87 kBTransfer

192 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

1 Cookies

Indicators

lonestarwinecellars.com Open in urlscan Pro
104.24.102.219 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

0 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

5
IPs

3
Countries

87 kB
Transfer

192 kB
Size

1
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!