smart2.smartbillers.click Open in urlscan Pro
2a06:98c1:3121::3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://smart2.smartbillers.click/shop/?p=ses
Submission: On May 19 via manual (May 19th 2023, 2:05:48 pm UTC) from RO — Scanned from NL

Summary HTTP 26 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 26 HTTP transactions. The main IP is 2a06:98c1:3121::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is smart2.smartbillers.click.
TLS certificate: Issued by E1 on May 18th 2023. Valid for: 3 months.

This is the only time smart2.smartbillers.click was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Eurocard (Financial)

Domain & IP information

	IP Address	AS Autonomous System
13	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	129.178.73.6 129.178.73.6	44320 (SEBNET-AS) (SEBNET-AS)
26	3

13 2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)

smart2.smartbillers.click	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 129.178.73.6 (Sweden)

ASN44320 (SEBNET-AS, SE)
PTR: secure.eurocard.fi

secure.eurocard.dk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	smartbillers.click smart2.smartbillers.click	160 KB
1	eurocard.dk secure.eurocard.dk	4 KB
0	mitid.dk Failed www.mitid.dk Failed
26	3

	Domain	Requested by
13	smart2.smartbillers.click	smart2.smartbillers.click
1	secure.eurocard.dk	smart2.smartbillers.click
0	www.mitid.dk Failed	smart2.smartbillers.click
26	3

This site contains links to these domains. Also see Links.

Domain
www.eurocard.dk

Subject Issuer	Validity	Valid
smartbillers.click E1	`2023-05-18` - `2023-08-16`	3 months	crt.sh
eurocard.se DigiCert TLS RSA SHA256 2020 CA1	`2022-10-27` - `2023-11-07`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://smart2.smartbillers.click/shop/?p=ses
Frame ID: A5C565678F8FD31DAA3A441A6F648E1A
Requests: 26 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Eurocard Bank | MitID

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

26
Requests

54 %
HTTPS

50 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

164 kB
Transfer

391 kB
Size

4
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.eurocard.dk/kundeservice/lov-og-sikkerhed/om-eurocard/#lov
Title: Lov og sikkerhed

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

26 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
smart2.smartbillers.click/shop/ 127 KB
31 KB 226ms
103ms Document
text/html 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://smart2.smartbillers.click/shop/?p=ses
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2d484ffcdc05c2c8c296b25255a80a8b00f648d6c193697e726db8281f449736

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7c9ce5771e0afa3c-AMS
content-encoding: br
content-type: text/html; charset=UTF-8
date: Fri, 19 May 2023 14:05:42 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SB8YhPRkLnM7WFnouTEzEpBBwZ0%2FKkR%2Bs6AdPJM6fM1%2BjwJnWPltOieQ8FBwy3LQAzlt2iQV00osOTK5F0x1ZOPGRhlEaHyWBVPuLGbeyk%2FtcxfXiu2w9a8%2BQMeJxEoobZuW4saT%2FWtkqne5cAoxSJ2g1TiovefF"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H2 404 loadConfig.js
smart2.smartbillers.click/ 0
0 97ms
96ms Script
text/html 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://smart2.smartbillers.click/loadConfig.js
Requested by: Host: smart2.smartbillers.click
URL: https://smart2.smartbillers.click/shop/?p=ses
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://smart2.smartbillers.click/shop/?p=ses
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 May 2023 14:05:43 GMT
content-encoding: br
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Cg7f5RPMzzFaDbgW%2BMEzMyQkuh64SfgsWr7dJR2a3cJNPo3kIOd3ERhcHZ2yK10aZ0%2FrXm%2BEqtNHrltzK0Cua%2F0Ou47gH2GBOFnEHlZnt%2BJFo4EXkR1%2B6RPoEd72SPpL6TM0GMfPvQUQFA%2F7sgVwei2l%2Fb%2FrWIlJ"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate
cf-ray: 7c9ce5783e6afa3c-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 404 index.f0e0c9c2.js
smart2.smartbillers.click/assets/ 0
0 92ms
91ms Script
text/html 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://smart2.smartbillers.click/assets/index.f0e0c9c2.js
Requested by: Host: smart2.smartbillers.click
URL: https://smart2.smartbillers.click/shop/?p=ses
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://smart2.smartbillers.click/shop/?p=ses
Origin: https://smart2.smartbillers.click
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 May 2023 14:05:43 GMT
content-encoding: br
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8ctIsf40aCVTXcxEVX9qyqJ1dww9NqVoYWkDtzt0BBLzKZFJH3SghEKq8GjBGn8UJgoN0IYlEE8WrRv7BjIvyJW%2FpOsoMckCtnMznpfqg%2FpCJbGbL3KBDzjIxiz4udfuugPoNkYsXUCSpL9alDYKi%2BmrdUOAipkP"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate
cf-ray: 7c9ce5784e6bfa3c-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 404 vendor.a7a790ad.js
smart2.smartbillers.click/assets/ 0
0 101ms
99ms Script
text/html 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://smart2.smartbillers.click/assets/vendor.a7a790ad.js
Requested by: Host: smart2.smartbillers.click
URL: https://smart2.smartbillers.click/shop/?p=ses
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://smart2.smartbillers.click/shop/?p=ses
Origin: https://smart2.smartbillers.click
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 May 2023 14:05:43 GMT
content-encoding: br
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WZYSvktAgWrbqd%2FYeP5wutKsLkjBCSeR5DnV5ey%2B5iBjOK8LNgZTPysj6ePsIJTtGZNvUbAtUvXH4v9LWMRZRymLXCqoJjZJc5lA13gBThAms%2FJd31KKr9eHf%2FrjCtJNpjedcmUsmGvBnIl0nOwmIHpgNzip0MVn"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate
cf-ray: 7c9ce5784e6dfa3c-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 404 vendor_react.ebc76cf4.js
smart2.smartbillers.click/assets/ 0
0 95ms
94ms Script
text/html 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://smart2.smartbillers.click/assets/vendor_react.ebc76cf4.js
Requested by: Host: smart2.smartbillers.click
URL: https://smart2.smartbillers.click/shop/?p=ses
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://smart2.smartbillers.click/shop/?p=ses
Origin: https://smart2.smartbillers.click
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 May 2023 14:05:43 GMT
content-encoding: br
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PklIZAzpGofOm9nVtWx37NQDclpPvw5JkKHnAs8oW87GRVqQAT9yOaSaQwVCb5dfTKRgO3ggbizgSszFtzXfFV3L9y%2FgvVi1KLKIauUFjWamkMp7TDS6mnH66Qxf81er4J1YvKxZJLDZXthlVRYRDeHwo0NuzGLG"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate
cf-ray: 7c9ce5784e6efa3c-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 index.7b77c875.css
smart2.smartbillers.click/front_end/front_end_files/ 4 KB
2 KB 99ms
97ms Stylesheet
text/css 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://smart2.smartbillers.click/front_end/front_end_files/index.7b77c875.css
Requested by: Host: smart2.smartbillers.click
URL: https://smart2.smartbillers.click/shop/?p=ses
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1293e033046057e975c29a90def553986e6d8e41a9793ba6285f2b3e312c9586

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://smart2.smartbillers.click/shop/?p=ses
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 14:05:43 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Thu, 18 May 2023 11:48:45 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"fe4-5fbf662ffa140-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C6FUGHWVjEZXOnbd8tzvZjAVXx91iGdAaA%2BR9oEFteREFV9BRrMhKFUmihLtdfDg8P0GF5aLIyBH0Jo2zXfRSbaHtdudAfJNA1SHCVZ5Ufic9nRhssPBQI7abDq6TLmL5bG%2Bxh%2FYvo9vDw%2BIL%2BBMQL0MNfhz6QYO"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 7c9ce5784e6cfa3c-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET coreclient.38aa143e5793d1fc8eac.js
www.mitid.dk/mitid-core-client-backend/v1/ 0
0

GET
H2 200 jquery.js Show response
smart2.smartbillers.click/front_end/front_end_files/ 87 KB
32 KB 175ms
172ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://smart2.smartbillers.click/front_end/front_end_files/jquery.js
Requested by: Host: smart2.smartbillers.click
URL: https://smart2.smartbillers.click/shop/?p=ses
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://smart2.smartbillers.click/shop/?p=ses
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 14:05:43 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Thu, 18 May 2023 11:48:45 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"15d9d-5fbf662ffa140-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3WyqCO8v%2Bw4KyiqEBUoyeyd%2FEinTuqTUScJTWPCwsHbrj6TSBaMlUZEsxK4vdHwNs2HQFSIL99ErWHZh4AY2TqTuKfdfT%2Bey5lvVnxyTQnD%2FYdwn7CXNXVdciN0QxTUAnRdz6tLBgiSH%2F74wE%2BYF6nQBfa8MImo9"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 7c9ce5784e6ffa3c-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 jquery.js Show response
smart2.smartbillers.click/js/cntdjs/ 87 KB
32 KB 133ms
130ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://smart2.smartbillers.click/js/cntdjs/jquery.js
Requested by: Host: smart2.smartbillers.click
URL: https://smart2.smartbillers.click/shop/?p=ses
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://smart2.smartbillers.click/shop/?p=ses
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 14:05:43 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 25 Jul 2022 03:34:02 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"15d9d-5e498dae29e80-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IGmHC9EqIXpj%2BnYkrCqCoq1VBoY3igDtCmakZnBQoTVS2VRDxWwC6Pa2TdzT7r0wlA4JuufHPr2LRb2D%2ByBoMhG41yhSJXtKpVwV71ATqxc7XCOTfnE7Bd1qmwLnt6eJ%2F93zLmnb4qUUhfmLobwCbpRBHW3UMaay"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 7c9ce5784e70fa3c-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 jquery.mask.js Show response
smart2.smartbillers.click/js/cntdjs/ 23 KB
6 KB 99ms
97ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://smart2.smartbillers.click/js/cntdjs/jquery.mask.js
Requested by: Host: smart2.smartbillers.click
URL: https://smart2.smartbillers.click/shop/?p=ses
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a199620fe981df00a825f78761d3f7c8870f8117daa4a890e08018dec386dae8

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://smart2.smartbillers.click/shop/?p=ses
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 14:05:43 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 25 Jul 2022 03:34:02 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"5a88-5e498dae29e80-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YV2frSq4iwRmFATJKyZiGY6%2B6uao1bQ8rWhx6pSMc3lnL5KWP0NLdrK99lqprRs4ErFxIc6QYq0gHyqQRgbbixOrvR4f%2BbaD9XPMm7J%2FqSOjkzr2Y82BPhsli%2BnTZIzi3rHFS2zY9gzPpS3smIqXusB58Q3ckRJ3"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 7c9ce5784e71fa3c-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 cntd.js Show response
smart2.smartbillers.click/js/cntdjs/ 3 KB
1 KB 95ms
93ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://smart2.smartbillers.click/js/cntdjs/cntd.js
Requested by: Host: smart2.smartbillers.click
URL: https://smart2.smartbillers.click/shop/?p=ses
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5b056148977cddad1d04190e8588f71549f5fbce2c8504fd0a52699a451896ca

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://smart2.smartbillers.click/shop/?p=ses
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 14:05:43 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 25 Jul 2022 03:34:02 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"abf-5e498dae29e80-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OSfDfxb7%2BI7bb8cHUtOOEZ8Ez2Qzbjfxn0IvlIC33DyZ2huwDe1%2F4rZpZ%2BmEvwfP3GftERNoJhuaQASrPDHlphDEcFBJpcwSigWSgUa2kQvNuJ%2BiZFF8Q4eQA5ZjVRd6OmmjKvwGuM8zgac5VGm6AI1tbn3hFHty"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 7c9ce5784e72fa3c-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 loading.js Show response
smart2.smartbillers.click/js/shared/ 2 KB
1012 B 98ms
96ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://smart2.smartbillers.click/js/shared/loading.js
Requested by: Host: smart2.smartbillers.click
URL: https://smart2.smartbillers.click/shop/?p=ses
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4bdc871a71df801aa86926434d6fbed9744ec4757af4e9d6d40978724ea59134

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://smart2.smartbillers.click/shop/?p=ses
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 14:05:43 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 25 Jul 2022 03:34:02 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"7b5-5e498dae29e80-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OT4Uq2NDexnCwKfmlxh96u3ldNCPHz0R4OzsQmoLNzPi7uWxmSHqWd%2BafEErAYxi1Tdtynr5fiN%2BL75AHXathYyuVWgbpfGvI2VL%2BYTLorMJNLegtL9c2IrCvO5NMpKdI9UpeSNK%2BJietxSVytqxpGx1iogDIrIm"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 7c9ce5784e74fa3c-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 online_status.js Show response
smart2.smartbillers.click/js/shared/ 998 B
765 B 1137ms
1135ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://smart2.smartbillers.click/js/shared/online_status.js
Requested by: Host: smart2.smartbillers.click
URL: https://smart2.smartbillers.click/shop/?p=ses
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e64e9d464beb9fe2717cd8bd8d093bb04d570f08a15c65f14533733904e12be7

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://smart2.smartbillers.click/shop/?p=ses
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 14:05:44 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 25 Jul 2022 03:34:02 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"3e6-5e498dae29e80-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x9V1m4wQZr99nZ8NF%2FweNy3HqIa4ZmKYqh%2FvZOV41vFD%2BlgSY8qJksynZn7s2SlRhi2qGh4kvCa90TjcSNqM2HD6FTVLtOvLHb7Uu8UQQXoUobEP8ER5KopS14I4LlFCSl%2B0umntrKnxgcQItnZJv3HPh5gtEMVB"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 7c9ce5786e85fa3c-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H/1.1 200
OK home.img.ingresslogo
secure.eurocard.dk/nis/m/ecdk/external/bin/ 2 KB
4 KB 202ms
62ms Image
image/svg+xml 129.178.73.6
SEBNET-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.eurocard.dk/nis/m/ecdk/external/bin/home.img.ingresslogo

Requested by

Host: smart2.smartbillers.click
URL: https://smart2.smartbillers.click/shop/?p=ses

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

129.178.73.6 , Sweden, ASN44320 (SEBNET-AS, SE),

Reverse DNS

secure.eurocard.fi

Software

Resource Hash

4f94928dfe40729ad7e1bd2e954916bb6fbfe8ab8216b0dda2ef1e2f28ee5b2f

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://smart2.smartbillers.click/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 14:05:43 GMT
strict-transport-security: max-age=2592000; includeSubDomains
content-language: en-US
p3p: CP="NON CUR OTPi OUR NOR UNI"
content-type: image/svg+xml
cache-control: max-age=3600, no-cache=set-cookie
content-disposition: inline;filename=f.txt
content-length: 2422
expires: Fri, 19 May 2023 15:05:43 GMT

GET bootstrapper.26b008a325cc6885436a.js
www.mitid.dk/mitid-core-client-backend/v1/ 0
0

GET lineto-akkurat-regular.woff
secure.eurocard.dk/nis/m/ecdk/external/bin/ 0
0

GET IBMPlexSans-Bold.woff2
www.mitid.dk/assets/fonts/ 0
0

GET IBMPlexSans-SemiBold.woff2
www.mitid.dk/assets/fonts/ 0
0

GET IBMPlexSans.woff2
www.mitid.dk/assets/fonts/ 0
0

GET IBMPlexSans-Medium.woff2
www.mitid.dk/assets/fonts/ 0
0

GET HelveticaNeueETW01-45Lt.ttf
secure.eurocard.dk/nis/m/ecdk/external/bin/ 0
0

GET IBMPlexSans-Bold.woff
www.mitid.dk/assets/fonts/ 0
0

GET IBMPlexSans-SemiBold.woff
www.mitid.dk/assets/fonts/ 0
0

GET IBMPlexSans.woff
www.mitid.dk/assets/fonts/ 0
0

GET IBMPlexSans-Medium.woff
www.mitid.dk/assets/fonts/ 0
0

GET
H3 200 IBMPlexSans.woff2
smart2.smartbillers.click/front_end/front_end_files/ 55 KB
55 KB 143ms
143ms Font
font/woff2 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://smart2.smartbillers.click/front_end/front_end_files/IBMPlexSans.woff2
Requested by: Host: smart2.smartbillers.click
URL: https://smart2.smartbillers.click/shop/?p=ses
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 61bfa80e071153824914399d5f7ca26ec75fcfe3f4ad20e616e88fe6d9544823

Request headers

Referer: https://smart2.smartbillers.click/shop/?p=ses
Origin: https://smart2.smartbillers.click
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 14:05:44 GMT
cf-cache-status: MISS
last-modified: Thu, 18 May 2023 11:48:44 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "da80-5fbf662f05f00"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EikD%2FaJCyUKSCqlorrvZkHc2x8FaEGU0NKSUyBwj8O50N98OWCipIYPqQWua8k%2Fqc8o%2F1TB9YZgrCfwnZ0XOGaEm6UJzk60Ff7l88WWWzEJk%2FJwROc7bmodEvRGbyKfWrJXqKWm8F8VkuV7p9U6CE9Y8TS2PaOFF"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7c9ce58148b106e0-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 55936

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.mitid.dk
URL: https://www.mitid.dk/mitid-core-client-backend/v1/coreclient.38aa143e5793d1fc8eac.js

Domain: www.mitid.dk
URL: https://www.mitid.dk/mitid-core-client-backend/v1/bootstrapper.26b008a325cc6885436a.js

Domain: secure.eurocard.dk
URL: https://secure.eurocard.dk/nis/m/ecdk/external/bin/lineto-akkurat-regular.woff

Domain: www.mitid.dk
URL: https://www.mitid.dk/assets/fonts/IBMPlexSans-Bold.woff2

Domain: www.mitid.dk
URL: https://www.mitid.dk/assets/fonts/IBMPlexSans-SemiBold.woff2

Domain: www.mitid.dk
URL: https://www.mitid.dk/assets/fonts/IBMPlexSans.woff2

Domain: www.mitid.dk
URL: https://www.mitid.dk/assets/fonts/IBMPlexSans-Medium.woff2

Domain: secure.eurocard.dk
URL: https://secure.eurocard.dk/nis/m/ecdk/external/bin/HelveticaNeueETW01-45Lt.ttf

Domain: www.mitid.dk
URL: https://www.mitid.dk/assets/fonts/IBMPlexSans-Bold.woff

Domain: www.mitid.dk
URL: https://www.mitid.dk/assets/fonts/IBMPlexSans-SemiBold.woff

Domain: www.mitid.dk
URL: https://www.mitid.dk/assets/fonts/IBMPlexSans.woff

Domain: www.mitid.dk
URL: https://www.mitid.dk/assets/fonts/IBMPlexSans-Medium.woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Eurocard (Financial)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
smart2.smartbillers.click/	1969-12-31 23:59:59	Name: PHPSESSID Value: 5r4to383uicj6fltrl3qcq1c9i
secure.eurocard.dk/	1969-12-31 23:59:59	Name: JSESSIONID Value: 0001F4GrKpjduLc8v1BLo4Fb2kX:597ae55a-63f0-459e-873d-86313a2fcffa
secure.eurocard.dk/	1969-12-31 23:59:59	Name: BIGipServerprd~sebkort_sebkort_9080_pool Value: 1423902474.30755.0000
secure.eurocard.dk/	1969-12-31 23:59:59	Name: BIGipServer~pf_iam_wsl_ext_prd~pf_iam_wsl_ext_app~pf_iam_prd_ext_bulk_1453_pool Value: rd525o00000000000000000000ffff0a101fb1o1453

29 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://smart2.smartbillers.click/shop/?p=ses Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.mitid.dk/mitid-core-client-backend/v1/bootstrapper.26b008a325cc6885436a.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://smart2.smartbillers.click/assets/index.f0e0c9c2.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://smart2.smartbillers.click/loadConfig.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://smart2.smartbillers.click/assets/vendor_react.ebc76cf4.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://smart2.smartbillers.click/assets/vendor.a7a790ad.js Message: Failed to load resource: the server responded with a status of 404 ()
javascript	error	URL: https://smart2.smartbillers.click/shop/?p=ses Message: Access to script at 'https://www.mitid.dk/mitid-core-client-backend/v1/bootstrapper.26b008a325cc6885436a.js' from origin 'https://smart2.smartbillers.click' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.mitid.dk/mitid-core-client-backend/v1/bootstrapper.26b008a325cc6885436a.js Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://smart2.smartbillers.click/shop/?p=ses Message: Access to script at 'https://www.mitid.dk/mitid-core-client-backend/v1/coreclient.38aa143e5793d1fc8eac.js' from origin 'https://smart2.smartbillers.click' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.mitid.dk/mitid-core-client-backend/v1/coreclient.38aa143e5793d1fc8eac.js Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://smart2.smartbillers.click/shop/?p=ses Message: Access to font at 'https://www.mitid.dk/assets/fonts/IBMPlexSans-Bold.woff2' from origin 'https://smart2.smartbillers.click' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.mitid.dk/assets/fonts/IBMPlexSans-Bold.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://smart2.smartbillers.click/shop/?p=ses Message: Access to font at 'https://www.mitid.dk/assets/fonts/IBMPlexSans-SemiBold.woff2' from origin 'https://smart2.smartbillers.click' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.mitid.dk/assets/fonts/IBMPlexSans-SemiBold.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://smart2.smartbillers.click/shop/?p=ses Message: Access to font at 'https://www.mitid.dk/assets/fonts/IBMPlexSans.woff2' from origin 'https://smart2.smartbillers.click' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.mitid.dk/assets/fonts/IBMPlexSans.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://smart2.smartbillers.click/shop/?p=ses Message: Access to font at 'https://secure.eurocard.dk/nis/m/ecdk/external/bin/lineto-akkurat-regular.woff' from origin 'https://smart2.smartbillers.click' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://secure.eurocard.dk/nis/m/ecdk/external/bin/lineto-akkurat-regular.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://smart2.smartbillers.click/shop/?p=ses Message: Access to font at 'https://www.mitid.dk/assets/fonts/IBMPlexSans-Medium.woff2' from origin 'https://smart2.smartbillers.click' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.mitid.dk/assets/fonts/IBMPlexSans-Medium.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://smart2.smartbillers.click/shop/?p=ses Message: Access to font at 'https://secure.eurocard.dk/nis/m/ecdk/external/bin/HelveticaNeueETW01-45Lt.ttf' from origin 'https://smart2.smartbillers.click' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://secure.eurocard.dk/nis/m/ecdk/external/bin/HelveticaNeueETW01-45Lt.ttf Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://smart2.smartbillers.click/shop/?p=ses Message: Access to font at 'https://www.mitid.dk/assets/fonts/IBMPlexSans-Bold.woff' from origin 'https://smart2.smartbillers.click' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.mitid.dk/assets/fonts/IBMPlexSans-Bold.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://smart2.smartbillers.click/shop/?p=ses Message: Access to font at 'https://www.mitid.dk/assets/fonts/IBMPlexSans-SemiBold.woff' from origin 'https://smart2.smartbillers.click' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.mitid.dk/assets/fonts/IBMPlexSans-SemiBold.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://smart2.smartbillers.click/shop/?p=ses Message: Access to font at 'https://www.mitid.dk/assets/fonts/IBMPlexSans.woff' from origin 'https://smart2.smartbillers.click' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.mitid.dk/assets/fonts/IBMPlexSans.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://smart2.smartbillers.click/shop/?p=ses Message: Access to font at 'https://www.mitid.dk/assets/fonts/IBMPlexSans-Medium.woff' from origin 'https://smart2.smartbillers.click' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.mitid.dk/assets/fonts/IBMPlexSans-Medium.woff Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

secure.eurocard.dk
smart2.smartbillers.click
www.mitid.dk
secure.eurocard.dk
www.mitid.dk
129.178.73.6
2a06:98c1:3121::3
1293e033046057e975c29a90def553986e6d8e41a9793ba6285f2b3e312c9586
2d484ffcdc05c2c8c296b25255a80a8b00f648d6c193697e726db8281f449736
4bdc871a71df801aa86926434d6fbed9744ec4757af4e9d6d40978724ea59134
4f94928dfe40729ad7e1bd2e954916bb6fbfe8ab8216b0dda2ef1e2f28ee5b2f
5b056148977cddad1d04190e8588f71549f5fbce2c8504fd0a52699a451896ca
61bfa80e071153824914399d5f7ca26ec75fcfe3f4ad20e616e88fe6d9544823
a199620fe981df00a825f78761d3f7c8870f8117daa4a890e08018dec386dae8
e64e9d464beb9fe2717cd8bd8d093bb04d570f08a15c65f14533733904e12be7
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

smart2.smartbillers.click Open in urlscan Pro 2a06:98c1:3121::3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

26 Requests

54 %HTTPS

50 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

164 kBTransfer

391 kBSize

4 Cookies

1 Outgoing links

Redirected requests

26 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

9 JavaScript Global Variables

4 Cookies

29 Console Messages

Indicators

smart2.smartbillers.click Open in urlscan Pro
2a06:98c1:3121::3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

26
Requests

54 %
HTTPS

50 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

164 kB
Transfer

391 kB
Size

4
Cookies

26 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!