seb.secure294.com
185.247.184.10
Malicious Activity!
Public Scan
Effective URL: https://seb.secure294.com/privat
Submission: On March 07 via manual from SE — Scanned from SE
Summary
TLS certificate: Issued by R3 on March 6th 2023. Valid for: 3 months.
This is the only time seb.secure294.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: SEB Group (Banking)
Domain & IP information
Requests | IP Address | AS (Autonomous System) |
---|---|---|
8 (1 redirect) | 185.247.184.10 | 207713 (GIR-AS) |
1 | 129.178.73.10 | 44320 (SEBNET-AS) |
8 | 2 | |
ASN207713 (GIR-AS, RU)
PTR: 4SER-1676559442.ip-ptr.tech
seb.secure294.com
Requests | Apex Domain / Subdomains | Transfer |
---|---|---|
8 | secure294.com (1 redirect): seb.secure294.com | 306 KB |
1 | seb.se: id.seb.se | 258 KB |
8 | 2 | |
Requests | Domain | Requested by |
---|---|---|
8 | seb.secure294.com (1 redirect) | seb.secure294.com |
1 | id.seb.se | seb.secure294.com |
8 | 2 | |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
seb.secure294.com | R3 | 2023-03-06 - 2023-06-04 | 3 months |
id.seb.se | DigiCert SHA2 Extended Validation Server CA | 2022-04-11 - 2023-04-11 | a year |
This page contains 1 frames:
Primary Page:
https://seb.secure294.com/privat
Frame ID: 24FD202752D09880CC41718C2B7FD927
Requests: 8 HTTP requests in this frame
Page Title
Avtals- och säkerhetsuppdatering | SEB (English: "Agreement and security update | SEB")
Page URL History
- http://seb.secure294.com/privat (HTTP 301)
- https://seb.secure294.com/privat (Page URL)
Detected technologies
Laravel (Web Frameworks)
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
8 HTTP transactions
Method | Protocol | Resource | Path | Size | Transfer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | privat (Primary Request, Redirect Chain) | seb.secure294.com/ | 5 KB | 3 KB | Document | text/html |
GET | H2 | app.css | seb.secure294.com/css/seb/ | 12 KB | 3 KB | Stylesheet | text/css |
GET | H2 | bankid.svg | seb.secure294.com/images/ | 3 KB | 2 KB | Image | image/svg+xml |
GET | H2 | seb-digipass.png | seb.secure294.com/images/seb/ | 163 KB | 163 KB | Image | image/png |
GET | H2 | app.js | seb.secure294.com/js/seb/ | 210 KB | 65 KB | Script | application/javascript |
GET | H/1.1 | fog-and-trees.jpg | id.seb.se/assets/ | 257 KB | 258 KB | Image | image/jpeg |
GET | H2 | SEBSansSerif-Medium.308ab8de3c2e2535.woff2 | seb.secure294.com/fonts/seb/ | 34 KB | 35 KB | Font | font/woff2 |
GET | H2 | SEBSansSerif-Regular.4c7865fb24ae2790.woff2 | seb.secure294.com/fonts/seb/ | 34 KB | 34 KB | Font | font/woff2 |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: SEB Group (Banking)
9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
boolean | credentialless |
object | customerId |
object | preOTP1 |
object | preOTP2 |
boolean | enableSMS |
function | axios |
object | QRCode |
object | Alpine |
function | Vue3 |
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
seb.secure294.com/ | | Name: XSRF-TOKEN |
seb.secure294.com/ | | Name: laravel_session |
id.seb.se/ | | Name: BIGipServerprd~auth-front_seb-login-client_8080_pool Value: 1136920330.36895.0000 |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.