seft.moneygram.com Open in urlscan Pro
63.91.129.200 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://seft.moneygram.com/
Effective URL:
https://seft.moneygram.com/portal-seefx/login.jsp
Submission: On June 26 via automatic, source certstream-suspicious (June 26th 2020, 1:02:19 pm UTC)

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 8 HTTP transactions. The main IP is 63.91.129.200, located in Plano, United States and belongs to MONEYGRAM-INTERNATIONAL-INC, US. The main domain is seft.moneygram.com.
TLS certificate: Issued by Entrust Certification Authority - L1K on December 14th 2018. Valid for: 2 years.

This is the only time seft.moneygram.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
2 10	63.91.129.200 63.91.129.200		29898 (MONEYGRAM...) (MONEYGRAM-INTERNATIONAL-INC)
8	1

10 63.91.129.200 (Plano, United States) 2 redirects

ASN29898 (MONEYGRAM-INTERNATIONAL-INC, US)
PTR: user200.temgdwdp.com

seft.moneygram.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	moneygram.com 2 redirects seft.moneygram.com	53 KB
8	1

	Domain	Requested by
10	seft.moneygram.com	2 redirects seft.moneygram.com
8	1

This site contains no links.

Subject Issuer	Validity	Valid
securetransfer.moneygram.com Entrust Certification Authority - L1K	`2018-12-14` - `2021-03-13`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://seft.moneygram.com/portal-seefx/login.jsp
Frame ID: 9C36583C6F55E94386978896548BF5C7
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://seft.moneygram.com/ HTTP 302
https://seft.moneygram.com/portal-seefx/ HTTP 302
https://seft.moneygram.com/portal-seefx/login.jsp Page URL

Page Statistics

8
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

52 kB
Transfer

39 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://seft.moneygram.com/ HTTP 302
https://seft.moneygram.com/portal-seefx/ HTTP 302
https://seft.moneygram.com/portal-seefx/login.jsp Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request login.jsp Show response
seft.moneygram.com/portal-seefx/
Redirect Chain

https://seft.moneygram.com/
https://seft.moneygram.com/portal-seefx/
https://seft.moneygram.com/portal-seefx/login.jsp

4 KB
6 KB

171ms
170ms

Document
text/html

63.91.129.200
MONEYGRAM-INTERNA...

General

Check archive.org

Show headers Download Go to

Full URL

https://seft.moneygram.com/portal-seefx/login.jsp

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

63.91.129.200 Plano, United States, ASN29898 (MONEYGRAM-INTERNATIONAL-INC, US),

Reverse DNS

user200.temgdwdp.com

Software

SEEBURGER JBossAS /

Resource Hash

f51d65d10abf712e681fdb9b1a53ae9876f3e74352d7b0609e24ad16ac3491fa

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' .googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: .youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; media-src blob:
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' .googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: .youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; media-src blob:
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: seft.moneygram.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: JSESSIONID=F73705984BD6DFA4367872DBC8969796
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; media-src blob:
X-Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; media-src blob:
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; media-src blob:
Strict-Transport-Security: max-age=2592000; includeSubDomains; preload
Cache-Control: private, no-cache, no-store
Pragma: no-cache
Expires: Fri, 26 Jun 2020 13:02:02 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 4337
Date: Fri, 26 Jun 2020 13:02:01 GMT
Server: SEEBURGER JBossAS

Redirect headers

Set-Cookie: JSESSIONID=F73705984BD6DFA4367872DBC8969796; Path=/; Secure; HttpOnly
Location: https://seft.moneygram.com/portal-seefx/login.jsp
Content-Length: 0
Date: Fri, 26 Jun 2020 13:02:01 GMT
Server: SEEBURGER JBossAS

GET
H/1.1 200
OK login.css
seft.moneygram.com/portal-seefx/VAADIN/themes/default/ 5 KB
7 KB 168ms
167ms Stylesheet
text/css 63.91.129.200
MONEYGRAM-INTERNA...

General

Check archive.org

Show headers Download Go to

Full URL

https://seft.moneygram.com/portal-seefx/VAADIN/themes/default/login.css

Requested by

Host: seft.moneygram.com
URL: https://seft.moneygram.com/portal-seefx/login.jsp

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

63.91.129.200 Plano, United States, ASN29898 (MONEYGRAM-INTERNATIONAL-INC, US),

Reverse DNS

user200.temgdwdp.com

Software

SEEBURGER JBossAS /

Resource Hash

9d6ca58de75e0c6b27ecd7acf70a0442c277124b8622e05c0a05323e649abacc

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' .googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: .youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; media-src blob:
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' .googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: .youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; media-src blob:
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://seft.moneygram.com/portal-seefx/login.jsp
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; media-src blob:
X-Content-Type-Options: nosniff
X-Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; media-src blob:
Last-Modified: Sun, 07 Jun 2020 08:07:35 GMT
Server: SEEBURGER JBossAS
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; media-src blob:
Date: Fri, 26 Jun 2020 13:02:01 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Cache-Control: public
Strict-Transport-Security: max-age=2592000; includeSubDomains; preload
Content-Length: 4990
X-XSS-Protection: 1; mode=block
Expires: Fri, 26 Jun 2020 13:02:02 GMT

GET
H/1.1 200
OK login.css
seft.moneygram.com/portal-seefx/custom/ 0
2 KB 791ms
790ms Stylesheet
text/css 63.91.129.200
MONEYGRAM-INTERNA...

General

Check archive.org

Show headers Download Go to

Full URL

https://seft.moneygram.com/portal-seefx/custom/login.css

Requested by

Host: seft.moneygram.com
URL: https://seft.moneygram.com/portal-seefx/login.jsp

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

63.91.129.200 Plano, United States, ASN29898 (MONEYGRAM-INTERNATIONAL-INC, US),

Reverse DNS

user200.temgdwdp.com

Software

SEEBURGER JBossAS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' .googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: .youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; media-src blob:
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' .googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: .youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; media-src blob:
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://seft.moneygram.com/portal-seefx/login.jsp
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; media-src blob:
X-Content-Type-Options: nosniff
X-Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; media-src blob:
Last-Modified: Sun, 07 Jun 2020 08:55:29 GMT
Server: SEEBURGER JBossAS
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; media-src blob:
Date: Fri, 26 Jun 2020 13:02:02 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Cache-Control: public
Strict-Transport-Security: max-age=2592000; includeSubDomains; preload
Content-Length: 0
X-XSS-Protection: 1; mode=block
Expires: Fri, 26 Jun 2020 13:02:02 GMT

GET
H/1.1 200
OK mobileLogin.css
seft.moneygram.com/portal-seefx/VAADIN/themes/default/ 2 KB
4 KB 332ms
163ms Stylesheet
text/css 63.91.129.200
MONEYGRAM-INTERNA...

General

Check archive.org

Show headers Download Go to

Full URL

https://seft.moneygram.com/portal-seefx/VAADIN/themes/default/mobileLogin.css

Requested by

Host: seft.moneygram.com
URL: https://seft.moneygram.com/portal-seefx/login.jsp

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

63.91.129.200 Plano, United States, ASN29898 (MONEYGRAM-INTERNATIONAL-INC, US),

Reverse DNS

user200.temgdwdp.com

Software

SEEBURGER JBossAS /

Resource Hash

23075ccb8df8eb25c2dc197691de563e41afb80e17d07f09dee24c96e2d04b1e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' .googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: .youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; media-src blob:
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' .googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: .youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; media-src blob:
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://seft.moneygram.com/portal-seefx/login.jsp
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; media-src blob:
X-Content-Type-Options: nosniff
X-Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; media-src blob:
Last-Modified: Sun, 07 Jun 2020 08:07:35 GMT
Server: SEEBURGER JBossAS
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; media-src blob:
Date: Fri, 26 Jun 2020 13:02:02 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Cache-Control: public
Strict-Transport-Security: max-age=2592000; includeSubDomains; preload
Content-Length: 2059
X-XSS-Protection: 1; mode=block
Expires: Fri, 26 Jun 2020 13:02:02 GMT

GET
H/1.1 200
OK background
seft.moneygram.com/portal-seefx/custom/file/login/header/ 182 B
2 KB 186ms
185ms Image
image/png 63.91.129.200
MONEYGRAM-INTERNA...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seft.moneygram.com/portal-seefx/custom/file/login/header/background

Requested by

Host: seft.moneygram.com
URL: https://seft.moneygram.com/portal-seefx/login.jsp

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

63.91.129.200 Plano, United States, ASN29898 (MONEYGRAM-INTERNATIONAL-INC, US),

Reverse DNS

user200.temgdwdp.com

Software

SEEBURGER JBossAS /

Resource Hash

7e2eeb8a1099221c540f679c9b4ea7d94c642aacc22fd26bf356f13bded457fd

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' .googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: .youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; media-src blob:
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' .googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: .youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; media-src blob:
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://seft.moneygram.com/portal-seefx/VAADIN/themes/default/login.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; media-src blob:
X-Content-Type-Options: nosniff
X-Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; media-src blob:
Last-Modified: Sun, 07 Jun 2020 08:55:29 GMT
Server: SEEBURGER JBossAS
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; media-src blob:
Date: Fri, 26 Jun 2020 13:02:02 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: public
Strict-Transport-Security: max-age=2592000; includeSubDomains; preload
Content-Length: 182
X-XSS-Protection: 1; mode=block
Expires: Fri, 26 Jun 2020 13:02:03 GMT

GET
H/1.1 200
OK logo
seft.moneygram.com/portal-seefx/custom/file/login/ 8 KB
10 KB 172ms
171ms Image
image/png 63.91.129.200
MONEYGRAM-INTERNA...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seft.moneygram.com/portal-seefx/custom/file/login/logo

Requested by

Host: seft.moneygram.com
URL: https://seft.moneygram.com/portal-seefx/login.jsp

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

63.91.129.200 Plano, United States, ASN29898 (MONEYGRAM-INTERNATIONAL-INC, US),

Reverse DNS

user200.temgdwdp.com

Software

SEEBURGER JBossAS /

Resource Hash

9dac21acba5ca002af4bb3259592107e38144aef265de5cabf9c3a5ed2c1aebd

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' .googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: .youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; media-src blob:
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' .googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: .youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; media-src blob:
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://seft.moneygram.com/portal-seefx/VAADIN/themes/default/login.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; media-src blob:
X-Content-Type-Options: nosniff
X-Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; media-src blob:
Last-Modified: Sun, 07 Jun 2020 08:55:29 GMT
Server: SEEBURGER JBossAS
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; media-src blob:
Date: Fri, 26 Jun 2020 13:02:02 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: public
Strict-Transport-Security: max-age=2592000; includeSubDomains; preload
Content-Length: 8326
X-XSS-Protection: 1; mode=block
Expires: Fri, 26 Jun 2020 13:02:03 GMT

GET
H/1.1 200
OK background
seft.moneygram.com/portal-seefx/custom/file/login/ 18 KB
20 KB 371ms
371ms Image
image/png 63.91.129.200
MONEYGRAM-INTERNA...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seft.moneygram.com/portal-seefx/custom/file/login/background

Requested by

Host: seft.moneygram.com
URL: https://seft.moneygram.com/portal-seefx/login.jsp

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

63.91.129.200 Plano, United States, ASN29898 (MONEYGRAM-INTERNATIONAL-INC, US),

Reverse DNS

user200.temgdwdp.com

Software

SEEBURGER JBossAS /

Resource Hash

0b31bafb40e433f3d21f6b486f206c8a29fa305064509ca129ef9543cfbfe33f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' .googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: .youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; media-src blob:
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' .googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: .youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; media-src blob:
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://seft.moneygram.com/portal-seefx/VAADIN/themes/default/login.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; media-src blob:
X-Content-Type-Options: nosniff
X-Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; media-src blob:
Last-Modified: Sun, 07 Jun 2020 08:55:29 GMT
Server: SEEBURGER JBossAS
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; media-src blob:
Date: Fri, 26 Jun 2020 13:02:02 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: public
Strict-Transport-Security: max-age=2592000; includeSubDomains; preload
Content-Length: 18650
X-XSS-Protection: 1; mode=block
Expires: Fri, 26 Jun 2020 13:02:03 GMT

GET
H/1.1 200
OK button
seft.moneygram.com/portal-seefx/custom/file/login/ 1 KB
3 KB 338ms
167ms Image
image/png 63.91.129.200
MONEYGRAM-INTERNA...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seft.moneygram.com/portal-seefx/custom/file/login/button

Requested by

Host: seft.moneygram.com
URL: https://seft.moneygram.com/portal-seefx/login.jsp

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

63.91.129.200 Plano, United States, ASN29898 (MONEYGRAM-INTERNATIONAL-INC, US),

Reverse DNS

user200.temgdwdp.com

Software

SEEBURGER JBossAS /

Resource Hash

57825d9ef8a18bd01a387af119adfcc1f903d71c535f0ed1ca333d2593694c21

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' .googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: .youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; media-src blob:
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' .googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: .youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; media-src blob:
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://seft.moneygram.com/portal-seefx/VAADIN/themes/default/login.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; media-src blob:
X-Content-Type-Options: nosniff
X-Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; media-src blob:
Last-Modified: Sun, 07 Jun 2020 08:55:29 GMT
Server: SEEBURGER JBossAS
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; media-src blob:
Date: Fri, 26 Jun 2020 13:02:02 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: public
Strict-Transport-Security: max-age=2592000; includeSubDomains; preload
Content-Length: 1179
X-XSS-Protection: 1; mode=block
Expires: Fri, 26 Jun 2020 13:02:03 GMT

Verdicts & Comments Add Verdict or Comment

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			seft.moneygram.com/	1969-12-31 23:59:59	Name: JSESSIONID Value: F73705984BD6DFA4367872DBC8969796

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' .googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: .youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; media-src blob:
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' .googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: .youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; media-src blob:
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

seft.moneygram.com
63.91.129.200
0b31bafb40e433f3d21f6b486f206c8a29fa305064509ca129ef9543cfbfe33f
23075ccb8df8eb25c2dc197691de563e41afb80e17d07f09dee24c96e2d04b1e
57825d9ef8a18bd01a387af119adfcc1f903d71c535f0ed1ca333d2593694c21
7e2eeb8a1099221c540f679c9b4ea7d94c642aacc22fd26bf356f13bded457fd
9d6ca58de75e0c6b27ecd7acf70a0442c277124b8622e05c0a05323e649abacc
9dac21acba5ca002af4bb3259592107e38144aef265de5cabf9c3a5ed2c1aebd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f51d65d10abf712e681fdb9b1a53ae9876f3e74352d7b0609e24ad16ac3491fa

seft.moneygram.com Open in urlscan Pro 63.91.129.200 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

8 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

52 kBTransfer

39 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

13 JavaScript Global Variables

1 Cookies

Security Headers

Indicators

seft.moneygram.com Open in urlscan Pro
63.91.129.200 Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

52 kB
Transfer

39 kB
Size

1
Cookies

8 HTTP transactions
0 data transactions