airviews.net
2606:4700:30::681b:97c2
Malicious Activity!
Public Scan
Submission: On November 09 via automatic, source openphish
Summary
This is the only time airviews.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Blockchain (Crypto Exchange)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
5 | 2606:4700:30::681b:97c2 | 13335 (CLOUDFLARENET - Cloudflare) |
1 | 2a00:1450:4001:825::2008 | 15169 (GOOGLE - Google LLC) |
4 | 2606:4700:30::681b:96c2 | 13335 (CLOUDFLARENET - Cloudflare) |
2 | 2a00:1450:4001:825::200e | 15169 (GOOGLE - Google LLC) |
1 2 | 104.16.224.250 | 13335 (CLOUDFLARENET - Cloudflare) |
18 | 6 |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
airviews.net |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
airviews.net |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
login.blockchain.com |
 | Apex Domain / Subdomains | Transfer |
---|---|---|
9 | airviews.net: airviews.net | 1 MB |
2 | blockchain.com (1 redirects): login.blockchain.com | 3 KB |
2 | google-analytics.com: www.google-analytics.com | 17 KB |
1 | googletagmanager.com: www.googletagmanager.com | 31 KB |
18 | 4 |
 | Domain | Requested by |
---|---|---|
9 | airviews.net | airviews.net |
2 | login.blockchain.com (1 redirects) | airviews.net |
2 | www.google-analytics.com | www.googletagmanager.com, airviews.net |
1 | www.googletagmanager.com | airviews.net |
18 | 4 |
This site contains links to these domains. Also see Links.
Domain |
---|
blockchain.com |
blog.blockchain.com |
blockchain.info |
www.blockchain.com |
support.blockchain.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.google-analytics.com Google Internet Authority G3 | 2018-10-23 - 2019-01-15 | 3 months | crt.sh |
*.google.com Google Internet Authority G3 | 2018-10-23 - 2019-01-15 | 3 months | crt.sh |
www.blockchain.com DigiCert SHA2 Extended Validation Server CA | 2018-06-14 - 2018-12-11 | 6 months | crt.sh |
This page contains 1 frames:
Primary Page:
http://airviews.net/blackchain/fa17ce2416525f49b00c9f897577b6bb/email.html
Frame ID: 4A89C3EC3473067A8DF90D38E37704CA
Requests: 18 HTTP requests in this frame
Detected technologies
Highcharts (JavaScript Graphics)
Detected patterns
- env /^Highcharts$/i
AngularJS (JavaScript Frameworks)
Detected patterns
- env /^angular$/i
CloudFlare (CDN)
Detected patterns
- headers server /cloudflare/i
Google Analytics (Analytics)
Detected patterns
- script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
- env /^gaGlobal$/i
Google Tag Manager (Tag Managers)
Detected patterns
- env /^google_tag_manager$/i
Page Statistics
9 Outgoing links
These are links going to different origins than the main page.
Title:
Title: Read our FAQ.
Title: MOBILE_LOGIN.TITLE
Title: View Options
Title: Data
Title: About
Title: Blog
Title: Support
Title: Chinese Simplified
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 10
- https://login.blockchain.com/img/puff-white-0d5e8e64f9b84e9e9f1509ceecdb6040afab90e1.svg HTTP 302
- https://login.blockchain.com/en/
18 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H/1.1 | email.html airviews.net/blackchain/fa17ce2416525f49b00c9f897577b6bb/ (Primary Request, Cookie set) | 23 KB 6 KB | Document text/html |
GET H/1.1 | analytics.js airviews.net/blackchain/fa17ce2416525f49b00c9f897577b6bb/www.google-analytics.com/ | 0 0 | Script text/html |
GET S | js www.googletagmanager.com/gtag/ | 86 KB 31 KB | Script application/javascript |
GET H/1.1 | landing-587b6c83a0ea3fc41635a3dc2ebf257a114d7102.js airviews.net/blackchain/fa17ce2416525f49b00c9f897577b6bb/files/ | 586 KB 198 KB | Script application/javascript |
GET H/1.1 | wallet-5a9e9b19f7465743a88c33582345f50587f24c88.css airviews.net/blackchain/fa17ce2416525f49b00c9f897577b6bb/login.blockchain.com/css/ | 423 KB 87 KB | Stylesheet text/css |
GET H/1.1 | my-wallet-825ea997c83d4b22921e60baf83ddfd6b564b924.js airviews.net/blackchain/fa17ce2416525f49b00c9f897577b6bb/files/ | 1 MB 434 KB | Script application/javascript |
GET H/1.1 | wallet-8013945ef3529bd60b9d9c71e4aa65263be63989.js airviews.net/blackchain/fa17ce2416525f49b00c9f897577b6bb/files/ | 1 MB 411 KB | Script application/javascript |
GET H/1.1 | white-blockchain-f1208a2b904ce045df3239b1922104bd3fc6a7c1.svg airviews.net/blackchain/fa17ce2416525f49b00c9f897577b6bb/files/ | 2 KB 1 KB | Image image/svg+xml |
GET H/1.1 | spinner-8de10c3e9fd9f1c447099e6d23b5c24931c019da.gif airviews.net/blackchain/fa17ce2416525f49b00c9f897577b6bb/files/ | 404 B 803 B | Image image/gif |
GET H/1.1 | blue-logo-ea5f627851cb67fcdb31b3907dd0f7ddcd7ea4cf.svg airviews.net/blackchain/fa17ce2416525f49b00c9f897577b6bb/files/ | 1 KB 1013 B | Image image/svg+xml |
GET S | analytics.js www.google-analytics.com/ | 42 KB 17 KB | Script text/javascript |
GET S | / login.blockchain.com/en/ Redirect Chain | 0 2 KB | Image text/html |
GET | themify-9c28960bb75ffd67e28f279872cb226fe32769c0.ttf login.blockchain.com/fonts/themify/ | 0 0 | |
GET | Montserrat-Light-3dccfdb80593b1c26f5734a7b4b2a0af8e2aef82.ttf login.blockchain.com/fonts/montserrat/ | 0 0 | |
GET | Montserrat-Regular-c63e78fe22028cdc1c85653e5289d9e9e1e44096.ttf login.blockchain.com/fonts/montserrat/ | 0 0 | |
GET | Montserrat-Medium-90b9f32e29a809550bff73f08b9a34455b8dd159.ttf login.blockchain.com/fonts/montserrat/ | 0 0 | |
GET | icomoon-74a475b5b62cd1c7bff135d28dff1ef5a7cd2e9a.ttf login.blockchain.com/fonts/icomoon/ | 0 0 | |
GET S | collect www.google-analytics.com/r/ | 35 B 102 B | Image image/gif |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- login.blockchain.com
- URL
- https://login.blockchain.com/fonts/themify/themify-9c28960bb75ffd67e28f279872cb226fe32769c0.ttf
- Domain
- login.blockchain.com
- URL
- https://login.blockchain.com/fonts/montserrat/Montserrat-Light-3dccfdb80593b1c26f5734a7b4b2a0af8e2aef82.ttf
- Domain
- login.blockchain.com
- URL
- https://login.blockchain.com/fonts/montserrat/Montserrat-Regular-c63e78fe22028cdc1c85653e5289d9e9e1e44096.ttf
- Domain
- login.blockchain.com
- URL
- https://login.blockchain.com/fonts/montserrat/Montserrat-Medium-90b9f32e29a809550bff73f08b9a34455b8dd159.ttf
- Domain
- login.blockchain.com
- URL
- https://login.blockchain.com/fonts/icomoon/icomoon-74a475b5b62cd1c7bff135d28dff1ef5a7cd2e9a.ttf
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Blockchain (Crypto Exchange)
31 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- function popupMsg
- function noBack
- function gtag
- object dataLayer
- object google_tag_manager
- string GoogleAnalyticsObject
- function ga
- object google_tag_data
- object gaplugins
- object sa
- object gaGlobal
- object gaData
- object angular
- number ng339
- function browserDetection
- object FileAPI
- object core
- object __core-js_shared__
- object global
- object System
- function asap
- function Observable
- function setImmediate
- function clearImmediate
- object regeneratorRuntime
- boolean _babelPolyfill
- function hasUserMedia
- function QRCode
- function compareVersions
- object Highcharts
- object Blockchain
4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.airviews.net/ | | Name: _gat_gtag_UA_107281836_1 Value: 1 |
.airviews.net/ | | Name: _gid Value: GA1.2.1618068084.1541782604 |
.airviews.net/ | | Name: _ga Value: GA1.2.1987550229.1541782604 |
.airviews.net/ | | Name: __cfduid Value: df71337a3a3cf4aa8da1cceef469207551541782603 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.