www.webcomicbookcreator.com Open in urlscan Pro
2a02:c207:2020:6234::10 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.webcomicbookcreator.com/wp-admin/user/Nars/po/card.php
Effective URL:
https://www.webcomicbookcreator.com/wp-admin/user/Nars/gang/
Submission: On July 10 via manual (July 10th 2023, 8:35:05 am UTC) from NO — Scanned from NO

Summary HTTP 4 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 4 HTTP transactions. The main IP is 2a02:c207:2020:6234::10, located in Nuremberg, Germany and belongs to CONTABO, DE. The main domain is www.webcomicbookcreator.com.
TLS certificate: Issued by R3 on May 19th 2023. Valid for: 3 months.

This is the only time www.webcomicbookcreator.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: BankID (Banking)

Domain & IP information

	IP Address		AS Autonomous System
2 6	2a02:c207:202... 2a02:c207:2020:6234::10		51167 (CONTABO) (CONTABO)
4	2

6 2a02:c207:2020:6234::10 (Nuremberg, Germany) 2 redirects

ASN51167 (CONTABO, DE)

www.webcomicbookcreator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	webcomicbookcreator.com 2 redirects www.webcomicbookcreator.com	36 KB
4	1

	Domain	Requested by
6	www.webcomicbookcreator.com	2 redirects www.webcomicbookcreator.com
4	1

This site contains no links.

Subject Issuer	Validity	Valid
webcomicbookcreator.com R3	`2023-05-19` - `2023-08-17`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://www.webcomicbookcreator.com/wp-admin/user/Nars/gang/
Frame ID: 30DB0E5BDC76EECB92996C96C37534B2
Requests: 9 HTTP requests in this frame

Frame: https://www.webcomicbookcreator.com/wp-admin/user/Nars/gang/passid_files/a.html
Frame ID: 86F9C511B2BE4E31E50BB08FCE0A7564
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

OIDC Client - BankID

Page URL History Show full URLs

https://www.webcomicbookcreator.com/wp-admin/user/Nars/po/card.php HTTP 302
https://www.webcomicbookcreator.com/wp-admin/user/Nars/gang HTTP 301
https://www.webcomicbookcreator.com/wp-admin/user/Nars/gang/ Page URL

Page Statistics

4
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

35 kB
Transfer

254 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.webcomicbookcreator.com/wp-admin/user/Nars/po/card.php HTTP 302
https://www.webcomicbookcreator.com/wp-admin/user/Nars/gang HTTP 301
https://www.webcomicbookcreator.com/wp-admin/user/Nars/gang/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions
14 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response www.webcomicbookcreator.com/wp-admin/user/Nars/gang/ Redirect Chain https://www.webcomicbookcreator.com/wp-admin/user/Nars/po/card.php https://www.webcomicbookcreator.com/wp-admin/user/Nars/gang https://www.webcomicbookcreator.com/wp-admin/user/Nars/gang/	16 KB 6 KB	68ms 67ms	Document text/html	2a02:c207:2020:6234::10 CONTABO
General Check archive.org Show headers Download Go to Full URL https://www.webcomicbookcreator.com/wp-admin/user/Nars/gang/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:c207:2020:6234::10 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS Software nginx / PHP/7.2.34 PleskLin Resource Hash `5f68455f39e6815ced50ce0f66071153a04d44415287847634ce25aeac4fbe00` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 accept-language no-NO,no;q=0.9 Response headers content-encoding br content-type text/html; charset=UTF-8 date Mon, 10 Jul 2023 08:35:01 GMT server nginx x-cache-status BYPASS x-powered-by PHP/7.2.34 PleskLin Redirect headers content-length 268 content-type text/html; charset=iso-8859-1 date Mon, 10 Jul 2023 08:35:00 GMT location https://www.webcomicbookcreator.com/wp-admin/user/Nars/gang/ server nginx x-cache-status BYPASS x-powered-by PleskLin
GET H2	200	oidc-client.min.css www.webcomicbookcreator.com/wp-admin/user/Nars/gang/passid_files/	55 KB 9 KB	70ms 70ms	Stylesheet text/css	2a02:c207:2020:6234::10 CONTABO
General Check archive.org Show headers Download Go to Full URL https://www.webcomicbookcreator.com/wp-admin/user/Nars/gang/passid_files/oidc-client.min.css Requested by Host: www.webcomicbookcreator.com URL: https://www.webcomicbookcreator.com/wp-admin/user/Nars/gang/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:c207:2020:6234::10 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS Software nginx / PleskLin Resource Hash `d7851c7c8eee9bd33f92ee9b8fab868298f78dd296fd36402c0b37b9a8e67666` Request headers accept-language no-NO,no;q=0.9 Referer https://www.webcomicbookcreator.com/wp-admin/user/Nars/gang/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Mon, 10 Jul 2023 08:35:01 GMT content-encoding br last-modified Wed, 15 Dec 2021 05:31:34 GMT server nginx etag W/"dc36-5d3289e725980" x-cache-status BYPASS x-powered-by PleskLin content-type text/css
GET H2	200	a.html Show response www.webcomicbookcreator.com/wp-admin/user/Nars/gang/passid_files/ Frame 86F9	17 KB 4 KB	69ms 68ms	Document text/html	2a02:c207:2020:6234::10 CONTABO
General Check archive.org Show headers Download Go to Full URL https://www.webcomicbookcreator.com/wp-admin/user/Nars/gang/passid_files/a.html Requested by Host: www.webcomicbookcreator.com URL: https://www.webcomicbookcreator.com/wp-admin/user/Nars/gang/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:c207:2020:6234::10 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS Software nginx / PleskLin Resource Hash `e3b34f791c5cd99ac34b1957d9183e4bb99d6136c8ca4428c781b1fb18c0616b` Request headers Referer https://www.webcomicbookcreator.com/wp-admin/user/Nars/gang/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 accept-language no-NO,no;q=0.9 Response headers content-encoding br content-type text/html date Mon, 10 Jul 2023 08:35:01 GMT etag W/"454c-5d3289e725980" last-modified Wed, 15 Dec 2021 05:31:34 GMT server nginx x-cache-status BYPASS x-powered-by PleskLin
GET DATA	200 OK	truncated /	2 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `2fbbbda646f6c6004b2f3670d40a1ad4d5df6c8a0089943845aa5fe55a749e92` Request headers accept-language no-NO,no;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	997 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `05963eb01688d9d70b3580fa1be7b11d99a66087656a2b6af1d80bd9670ef1e6` Request headers accept-language no-NO,no;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	167 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `cbee76f080a3f8638f8d1cc0e1457adf5588a5ca44b56c5bf719bb5f57f0f2de` Request headers accept-language no-NO,no;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	240 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `254868d92f9456d518064051d29f9ff0532bf9a5da291b06f8accb0900e40072` Request headers accept-language no-NO,no;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	2 KB 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `5fb598258367467cd553791c19f53f62da36726d218734d18366ef75d5c32769` Request headers accept-language no-NO,no;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Content-Type image/gif
GET DATA	200 OK	truncated /	366 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `bc795cf00117d34096de8876731329301cb631c7cc5b33cd34d56ec87b917822` Request headers accept-language no-NO,no;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	296 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `296d8f67dcf848a35385d138a46404f00c21f1a8eb22249473ddd9aab1f411ab` Request headers accept-language no-NO,no;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Content-Type image/svg+xml
GET H2	200	bid_201910240825.css www.webcomicbookcreator.com/wp-admin/user/Nars/gang/passid_files/ Frame 86F9	157 KB 17 KB	72ms 71ms	Stylesheet text/css	2a02:c207:2020:6234::10 CONTABO
General Check archive.org Show headers Download Go to Full URL https://www.webcomicbookcreator.com/wp-admin/user/Nars/gang/passid_files/bid_201910240825.css Requested by Host: www.webcomicbookcreator.com URL: https://www.webcomicbookcreator.com/wp-admin/user/Nars/gang/passid_files/a.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:c207:2020:6234::10 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS Software nginx / PleskLin Resource Hash `2020a87eac20868292ed2224cd0ce3142862fd19b2530b63431c7d9122cf6511` Request headers accept-language no-NO,no;q=0.9 Referer https://www.webcomicbookcreator.com/wp-admin/user/Nars/gang/passid_files/a.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Mon, 10 Jul 2023 08:35:01 GMT content-encoding br last-modified Wed, 15 Dec 2021 05:31:34 GMT server nginx etag W/"27408-5d3289e725980" x-cache-status BYPASS x-powered-by PleskLin content-type text/css
GET DATA	200 OK	truncated Show response / Frame 86F9	0 0		Script text/javascript
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language no-NO,no;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Content-Type text/javascript
GET DATA	200 OK	truncated / Frame 86F9	2 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `2fbbbda646f6c6004b2f3670d40a1ad4d5df6c8a0089943845aa5fe55a749e92` Request headers accept-language no-NO,no;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated / Frame 86F9	296 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `296d8f67dcf848a35385d138a46404f00c21f1a8eb22249473ddd9aab1f411ab` Request headers accept-language no-NO,no;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated / Frame 86F9	172 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `6a191c4d1f4adbef09018df519205cc8696e1f0f00a67196f0677e8484d949f2` Request headers accept-language no-NO,no;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated / Frame 86F9	172 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `4dca530d4682ddf6f4b9053173c007f95875c2634a6b61c9573d93fc21483766` Request headers accept-language no-NO,no;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated / Frame 86F9	310 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `c575ff79d199955e3aba19296142cf49cd7bcdcf7317f8a17bed8d349f9a7388` Request headers accept-language no-NO,no;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated / Frame 86F9	200 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `dc197b30cca0477fd82b1c175af0ed1008687e12d9dff7f75c417f959c1830ae` Request headers accept-language no-NO,no;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Content-Type image/svg+xml

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BankID (Banking)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 boolean| credentialless object| onbeforetoggle object| onscrollend

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.webcomicbookcreator.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: s741eveqkld7f48uit09n1hgkm

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

www.webcomicbookcreator.com
2a02:c207:2020:6234::10
05963eb01688d9d70b3580fa1be7b11d99a66087656a2b6af1d80bd9670ef1e6
2020a87eac20868292ed2224cd0ce3142862fd19b2530b63431c7d9122cf6511
254868d92f9456d518064051d29f9ff0532bf9a5da291b06f8accb0900e40072
296d8f67dcf848a35385d138a46404f00c21f1a8eb22249473ddd9aab1f411ab
2fbbbda646f6c6004b2f3670d40a1ad4d5df6c8a0089943845aa5fe55a749e92
4dca530d4682ddf6f4b9053173c007f95875c2634a6b61c9573d93fc21483766
5f68455f39e6815ced50ce0f66071153a04d44415287847634ce25aeac4fbe00
5fb598258367467cd553791c19f53f62da36726d218734d18366ef75d5c32769
6a191c4d1f4adbef09018df519205cc8696e1f0f00a67196f0677e8484d949f2
bc795cf00117d34096de8876731329301cb631c7cc5b33cd34d56ec87b917822
c575ff79d199955e3aba19296142cf49cd7bcdcf7317f8a17bed8d349f9a7388
cbee76f080a3f8638f8d1cc0e1457adf5588a5ca44b56c5bf719bb5f57f0f2de
d7851c7c8eee9bd33f92ee9b8fab868298f78dd296fd36402c0b37b9a8e67666
dc197b30cca0477fd82b1c175af0ed1008687e12d9dff7f75c417f959c1830ae
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3b34f791c5cd99ac34b1957d9183e4bb99d6136c8ca4428c781b1fb18c0616b

www.webcomicbookcreator.com Open in urlscan Pro 2a02:c207:2020:6234::10 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

4 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

35 kBTransfer

254 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 14 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

1 Cookies

Indicators

www.webcomicbookcreator.com Open in urlscan Pro
2a02:c207:2020:6234::10 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

4
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

35 kB
Transfer

254 kB
Size

1
Cookies

4 HTTP transactions
14 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!