ancestral.bbcfirm.com
Open in
urlscan Pro
154.53.36.165
Malicious Activity!
Public Scan
Submitted URL: https://apirlandings.com/adhesive/
Effective URL: https://ancestral.bbcfirm.com/created/main/login
Submission Tags: #phishing @v4ensics Search All
Submission: On November 17 via api from FI — Scanned from FR
Effective URL: https://ancestral.bbcfirm.com/created/main/login
Submission Tags: #phishing @v4ensics Search All
Submission: On November 17 via api from FI — Scanned from FR
Summary
This website contacted 7 IPs
in 4 countries
across 8 domains to perform 18 HTTP transactions.
The main IP is 154.53.36.165, located in
New York, United States and
belongs to CONTABO, US.
The main domain is ancestral.bbcfirm.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on October 10th 2022. Valid for: 3 months.
This is the only time ancestral.bbcfirm.com was scanned on urlscan.io!
TLS certificate: Issued by cPanel, Inc. Certification Authority on October 10th 2022. Valid for: 3 months.
This is the only time ancestral.bbcfirm.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: National Bank of Greece (Banking)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 1 | 35.181.146.84 35.181.146.84 | 16509 (AMAZON-02) (AMAZON-02) | |
| 1 12 | 154.53.36.165 154.53.36.165 | 40021 (CONTABO) (CONTABO) | |
| 2 | 2606:4700::68... 2606:4700::6810:5814 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 1 | 2001:4de0:ac1... 2001:4de0:ac18::1:a:1b | 20446 (STACKPATH...) (STACKPATH-CDN) | |
| 1 | 2606:4700::68... 2606:4700::6811:180e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 1 | 2a00:1450:400... 2a00:1450:4001:827::200a | 15169 (GOOGLE) (GOOGLE) | |
| 1 | 2a00:1450:400... 2a00:1450:4001:803::2003 | 15169 (GOOGLE) (GOOGLE) | |
| 1 | 68.65.122.196 68.65.122.196 | 22612 (NAMECHEAP...) (NAMECHEAP-NET) | |
| 18 | 7 |
1
35.181.146.84
(Paris, France)
ASN16509 (AMAZON-02, US)
PTR: ec2-35-181-146-84.eu-west-3.compute.amazonaws.com
ASN16509 (AMAZON-02, US)
PTR: ec2-35-181-146-84.eu-west-3.compute.amazonaws.com
| apirlandings.com |
12
154.53.36.165
(New York, United States)
ASN40021 (CONTABO, US)
PTR: vmi927267.contaboserver.net
ASN40021 (CONTABO, US)
PTR: vmi927267.contaboserver.net
| ancestral.bbcfirm.com |
1
68.65.122.196
(Huntingdon, United States)
ASN22612 (NAMECHEAP-NET, US)
PTR: premium23-2.web-hosting.com
ASN22612 (NAMECHEAP-NET, US)
PTR: premium23-2.web-hosting.com
| mincex.fun |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 12 |
bbcfirm.com
1 redirects
ancestral.bbcfirm.com |
169 KB |
| 2 |
jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 374 |
47 KB |
| 1 |
mincex.fun
mincex.fun |
1 KB |
| 1 |
gstatic.com
fonts.gstatic.com |
33 KB |
| 1 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 43 |
1013 B |
| 1 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 201 |
438 KB |
| 1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 669 |
30 KB |
| 1 |
apirlandings.com
1 redirects
apirlandings.com |
139 B |
| 18 | 8 |
| Domain | Requested by | |
|---|---|---|
| 12 | ancestral.bbcfirm.com |
1 redirects
ancestral.bbcfirm.com
|
| 2 | cdn.jsdelivr.net |
ancestral.bbcfirm.com
|
| 1 | mincex.fun |
ancestral.bbcfirm.com
|
| 1 | fonts.gstatic.com |
fonts.googleapis.com
|
| 1 | fonts.googleapis.com |
ancestral.bbcfirm.com
|
| 1 | cdnjs.cloudflare.com |
ancestral.bbcfirm.com
|
| 1 | code.jquery.com |
ancestral.bbcfirm.com
|
| 1 | apirlandings.com | 1 redirects |
| 18 | 8 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| ancestral.bbcfirm.com cPanel, Inc. Certification Authority |
2022-10-10 - 2023-01-08 |
3 months | crt.sh |
| sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-06-02 - 2023-06-01 |
a year | crt.sh |
| *.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2022-08-03 - 2023-07-14 |
a year | crt.sh |
| upload.video.google.com GTS CA 1C3 |
2022-11-02 - 2023-01-25 |
3 months | crt.sh |
| *.gstatic.com GTS CA 1C3 |
2022-11-02 - 2023-01-25 |
3 months | crt.sh |
| mincex.fun Sectigo RSA Domain Validation Secure Server CA |
2022-04-26 - 2023-04-26 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://ancestral.bbcfirm.com/created/main/login
Frame ID: 0AE78124251EEBA568461CA95F632D6E
Requests: 18 HTTP requests in this frame
Screenshot
Page Title
NBG i-bankPage URL History Show full URLs
-
https://apirlandings.com/adhesive/
HTTP 302
https://ancestral.bbcfirm.com/created/ HTTP 302
https://ancestral.bbcfirm.com/created/main/login Page URL
Detected technologies
Bootstrap
(Web Frameworks)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Font Awesome
(Font Scripts)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jsDelivr
(CDN)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
- //cdn\.jsdelivr\.net/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://apirlandings.com/adhesive/
HTTP 302
https://ancestral.bbcfirm.com/created/ HTTP 302
https://ancestral.bbcfirm.com/created/main/login Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
18 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
login
ancestral.bbcfirm.com/created/main/ Redirect Chain
|
7 KB 7 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/ |
157 KB 25 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
helpers.css
ancestral.bbcfirm.com/created/main/assets/css/ |
41 KB 41 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
style.css
ancestral.bbcfirm.com/created/main/assets/css/ |
6 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
logo.png
ancestral.bbcfirm.com/created/main/assets/imgs/ |
22 KB 23 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
icon1.svg
ancestral.bbcfirm.com/created/main/assets/imgs/ |
2 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
support.svg
ancestral.bbcfirm.com/created/main/assets/imgs/ |
4 KB 5 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
eye1.svg
ancestral.bbcfirm.com/created/main/assets/imgs/ |
792 B 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
icon2.svg
ancestral.bbcfirm.com/created/main/assets/imgs/ |
1 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery-3.5.1.min.js
code.jquery.com/ |
87 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bootstrap.bundle.min.js
cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/js/ |
82 KB 23 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
all.min.js
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/js/ |
1 MB 438 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery.mask.js
ancestral.bbcfirm.com/created/main/assets/js/ |
23 KB 23 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
script.js
ancestral.bbcfirm.com/created/main/assets/js/ |
1 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
css2
fonts.googleapis.com/ |
5 KB 1013 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
bg.jpg
ancestral.bbcfirm.com/created/main/assets/imgs/ |
58 KB 58 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
SLXVc1nY6HkvangtZmpQdkhzfH5lkSscRiyS.woff2
fonts.gstatic.com/s/cairo/v22/ |
32 KB 33 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H2 |
login
mincex.fun/newsystem/pages/get/44acb8c81808f2c911d48878f77c4adc/ |
1 KB 1 KB |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: National Bank of Greece (Banking)7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery object| bootstrap object| ___FONT_AWESOME___ object| FontAwesomeConfig object| FontAwesome function| getContent1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| ancestral.bbcfirm.com/ | Name: PHPSESSID Value: ef1a9e833adc6ebe241c1d60ccaf285c |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ancestral.bbcfirm.com
apirlandings.com
cdn.jsdelivr.net
cdnjs.cloudflare.com
code.jquery.com
fonts.googleapis.com
fonts.gstatic.com
mincex.fun
154.53.36.165
2001:4de0:ac18::1:a:1b
2606:4700::6810:5814
2606:4700::6811:180e
2a00:1450:4001:803::2003
2a00:1450:4001:827::200a
35.181.146.84
68.65.122.196
10a055669b8d5c8b78150ae42e2326b7afa03f1d72946e42f3f2c26dd930cf90
114150d4f5a9a671657e7abcb6fea8aea5ba175eff62f04cbaedff3caaabf450
161761d367e7686d40033c1a0daeb88006e9e90b676c3e1368362748a2791fda
2391db6339194212366c548886547e1972b6792a9a57842dcc9035d4cbf73b90
25e0c6b445c9e19f82b3cb809760eb072d1a138937dd0420157c5b76bf909062
3e58030714e1fb747fe8762143cd2683e7e5857072762dec1d6f6ace912e44f4
5c35c47975bda1e65bea93a700a77a64770341b7af3fd78a84efd3463ed281db
758e950e37fb0eeda17ac0977a050677eaf40a18f1e5d62c9bb29e64a1731316
75ca5d1ab7947e7c19b4914a8ebaf31f5ef8547fee7fe3c4b49125fa9159fee4
8d7089253dca29c9cd8d9deb7ec69b0a3d445f88f6a26478c719be1f90adcb01
a199620fe981df00a825f78761d3f7c8870f8117daa4a890e08018dec386dae8
b90ce42f26a8bdcdfcd0e4f9bd5f424283bdeda2a0e9dbbacfe0f68d66653034
cd9b416ddd510026f006fc17a27c90e1d073aa9b66ce671fe10851adf369f263
d01323b878d66d88ef695648887461a1f3843853b8afea91f121483a0512f34d
e336f64b02fc40c3761e1d7b721c1db82e06310209bb80f07c4651ad390978e2
f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
f839760d1621714efedeb3eb08b25e619812dcc33d77aceb0daf405ac727a765