seb.secure294.com Open in urlscan Pro
185.247.184.10  Malicious Activity! Public Scan

Submitted URL: http://seb.secure294.com/privat
Effective URL: https://seb.secure294.com/privat
Submission: On March 07 via manual from SE — Scanned from SE

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 8 HTTP transactions. The main IP is 185.247.184.10, located in Rome, Italy and belongs to GIR-AS, RU. The main domain is seb.secure294.com.
TLS certificate: Issued by R3 on March 6th 2023. Valid for: 3 months.
This is the only time seb.secure294.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: SEB Group (Banking)

Domain & IP information

IP Address AS Autonomous System
1 8 185.247.184.10 207713 (GIR-AS)
1 129.178.73.10 44320 (SEBNET-AS)
8 2
Apex Domain
Subdomains
Transfer
8 secure294.com
seb.secure294.com
306 KB
1 seb.se
id.seb.se
258 KB
8 2
Domain Requested by
8 seb.secure294.com 1 redirects seb.secure294.com
1 id.seb.se seb.secure294.com
8 2

This site contains no links.

Subject Issuer Validity Valid
seb.secure294.com
R3
2023-03-06 -
2023-06-04
3 months crt.sh
id.seb.se
DigiCert SHA2 Extended Validation Server CA
2022-04-11 -
2023-04-11
a year crt.sh

This page contains 1 frames:

Primary Page: https://seb.secure294.com/privat
Frame ID: 24FD202752D09880CC41718C2B7FD927
Requests: 8 HTTP requests in this frame

Screenshot

Page Title

Avtals- och säkerhetsuppdatering | SEB

Page URL History Show full URLs

  1. http://seb.secure294.com/privat HTTP 301
    https://seb.secure294.com/privat Page URL

Detected technologies

Overall confidence: 100%
Detected patterns

Page Statistics

8
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

564 kB
Transfer

719 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://seb.secure294.com/privat HTTP 301
    https://seb.secure294.com/privat Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request privat
seb.secure294.com/
Redirect Chain
  • http://seb.secure294.com/privat
  • https://seb.secure294.com/privat
5 KB
3 KB
Document
General
Full URL
https://seb.secure294.com/privat
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.247.184.10 Rome, Italy, ASN207713 (GIR-AS, RU),
Reverse DNS
4SER-1676559442.ip-ptr.tech
Software
nginx /
Resource Hash
791c3ac02422401f4023305013fee7a7748bbb7c57a422cd4decd28ac806c75f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language
se-SE,se;q=0.9

Response headers

cache-control
no-cache, private
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Tue, 07 Mar 2023 08:42:09 GMT
server
nginx
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

Connection
keep-alive
Content-Length
162
Content-Type
text/html
Date
Tue, 07 Mar 2023 08:42:09 GMT
Location
https://seb.secure294.com/privat
Server
nginx
app.css
seb.secure294.com/css/seb/
12 KB
3 KB
Stylesheet
General
Full URL
https://seb.secure294.com/css/seb/app.css?id=be5a5517eba0bb3968a33f1c20cd7065
Requested by
Host: seb.secure294.com
URL: https://seb.secure294.com/privat
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.247.184.10 Rome, Italy, ASN207713 (GIR-AS, RU),
Reverse DNS
4SER-1676559442.ip-ptr.tech
Software
nginx /
Resource Hash
21985736f4401fed593134638ec9032a5efb1be0d7b3e95c238999d293aec1d1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
se-SE,se;q=0.9
Referer
https://seb.secure294.com/privat
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Tue, 07 Mar 2023 08:42:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 16 Feb 2023 15:20:14 GMT
server
nginx
etag
W/"63ee49ae-2eb7"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
x-xss-protection
1; mode=block
bankid.svg
seb.secure294.com/images/
3 KB
2 KB
Image
General
Full URL
https://seb.secure294.com/images/bankid.svg
Requested by
Host: seb.secure294.com
URL: https://seb.secure294.com/privat
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.247.184.10 Rome, Italy, ASN207713 (GIR-AS, RU),
Reverse DNS
4SER-1676559442.ip-ptr.tech
Software
nginx /
Resource Hash
ce22eb0c405b78a4247ec19eba5816e03a01a3c065e84a2bc58a23875cd1efc7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
se-SE,se;q=0.9
Referer
https://seb.secure294.com/privat
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Tue, 07 Mar 2023 08:42:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 16 Feb 2023 15:20:14 GMT
server
nginx
etag
W/"63ee49ae-cb1"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
x-xss-protection
1; mode=block
seb-digipass.png
seb.secure294.com/images/seb/
163 KB
163 KB
Image
General
Full URL
https://seb.secure294.com/images/seb/seb-digipass.png
Requested by
Host: seb.secure294.com
URL: https://seb.secure294.com/privat
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.247.184.10 Rome, Italy, ASN207713 (GIR-AS, RU),
Reverse DNS
4SER-1676559442.ip-ptr.tech
Software
nginx /
Resource Hash
d8ee7bc0ed0e64fcad7894ca984b51f80e422d0e8674d6d35375f925ce6f5176
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
se-SE,se;q=0.9
Referer
https://seb.secure294.com/privat
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Tue, 07 Mar 2023 08:42:09 GMT
x-content-type-options
nosniff
last-modified
Thu, 16 Feb 2023 15:20:14 GMT
server
nginx
etag
"63ee49ae-28c07"
x-frame-options
SAMEORIGIN
content-type
image/png
accept-ranges
bytes
content-length
166919
x-xss-protection
1; mode=block
app.js
seb.secure294.com/js/seb/
210 KB
65 KB
Script
General
Full URL
https://seb.secure294.com/js/seb/app.js?id=eeb633edf060d5d5d910065fd2ed4f7d
Requested by
Host: seb.secure294.com
URL: https://seb.secure294.com/privat
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.247.184.10 Rome, Italy, ASN207713 (GIR-AS, RU),
Reverse DNS
4SER-1676559442.ip-ptr.tech
Software
nginx /
Resource Hash
e99a696c9b905f454b2f236cd023862caa3daa83f623ecca1946525b7d5bd126
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
se-SE,se;q=0.9
Referer
https://seb.secure294.com/privat
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Tue, 07 Mar 2023 08:42:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 16 Feb 2023 15:20:14 GMT
server
nginx
etag
W/"63ee49ae-34977"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
x-xss-protection
1; mode=block
fog-and-trees.jpg
id.seb.se/assets/
257 KB
258 KB
Image
General
Full URL
https://id.seb.se/assets/fog-and-trees.jpg
Requested by
Host: seb.secure294.com
URL: https://seb.secure294.com/css/seb/app.css?id=be5a5517eba0bb3968a33f1c20cd7065
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
129.178.73.10 , Sweden, ASN44320 (SEBNET-AS, SE),
Reverse DNS
id.seb.se
Software
/
Resource Hash
557a7d0a1ffc8d177fdb8aaa8e65639f07fecd9833fe04a92968e1cfad72ca5a
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

accept-language
se-SE,se;q=0.9
Referer
https://seb.secure294.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date
Tue, 07 Mar 2023 08:42:10 GMT
Strict-Transport-Security
max-age=15552000; includeSubDomains
Frame-Options
deny
Last-Modified
Wed, 01 Mar 2023 14:15:05 GMT
ETag
"63ff5de9-40509"
Content-Type
image/jpeg
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
263433
SEBSansSerif-Medium.308ab8de3c2e2535.woff2
seb.secure294.com/fonts/seb/
34 KB
35 KB
Font
General
Full URL
https://seb.secure294.com/fonts/seb/SEBSansSerif-Medium.308ab8de3c2e2535.woff2
Requested by
Host: seb.secure294.com
URL: https://seb.secure294.com/css/seb/app.css?id=be5a5517eba0bb3968a33f1c20cd7065
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.247.184.10 Rome, Italy, ASN207713 (GIR-AS, RU),
Reverse DNS
4SER-1676559442.ip-ptr.tech
Software
nginx /
Resource Hash
e5ba21a307615fbf092fc168a10c45d71940ded43ce72314f6f4c02766692b50
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://seb.secure294.com/css/seb/app.css?id=be5a5517eba0bb3968a33f1c20cd7065
Origin
https://seb.secure294.com
accept-language
se-SE,se;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Tue, 07 Mar 2023 08:42:09 GMT
x-content-type-options
nosniff
last-modified
Thu, 16 Feb 2023 15:20:14 GMT
server
nginx
etag
"63ee49ae-894c"
x-frame-options
SAMEORIGIN
content-type
font/woff2
accept-ranges
bytes
content-length
35148
x-xss-protection
1; mode=block
SEBSansSerif-Regular.4c7865fb24ae2790.woff2
seb.secure294.com/fonts/seb/
34 KB
34 KB
Font
General
Full URL
https://seb.secure294.com/fonts/seb/SEBSansSerif-Regular.4c7865fb24ae2790.woff2
Requested by
Host: seb.secure294.com
URL: https://seb.secure294.com/css/seb/app.css?id=be5a5517eba0bb3968a33f1c20cd7065
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.247.184.10 Rome, Italy, ASN207713 (GIR-AS, RU),
Reverse DNS
4SER-1676559442.ip-ptr.tech
Software
nginx /
Resource Hash
d98282f8ac6a9812ed5d19c0c1d0b96b766c011287e60af5662757ec28ecab9d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://seb.secure294.com/css/seb/app.css?id=be5a5517eba0bb3968a33f1c20cd7065
Origin
https://seb.secure294.com
accept-language
se-SE,se;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Tue, 07 Mar 2023 08:42:09 GMT
x-content-type-options
nosniff
last-modified
Thu, 16 Feb 2023 15:20:14 GMT
server
nginx
etag
"63ee49ae-88c4"
x-frame-options
SAMEORIGIN
content-type
font/woff2
accept-ranges
bytes
content-length
35012
x-xss-protection
1; mode=block

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: SEB Group (Banking)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| customerId object| preOTP1 object| preOTP2 boolean| enableSMS function| axios object| QRCode object| Alpine function| Vue

3 Cookies

Domain/Path Name / Value
seb.secure294.com/ Name: XSRF-TOKEN
Value: eyJpdiI6IjBBd280dXFaZ3RNZklDRDlYdDBGcWc9PSIsInZhbHVlIjoidkJQMzN3NHk3SkNIRXRsNmZLeXE2SWRja1dEcEZxYjkyZ0FFTjNhdjlWVy9TenRsWldhRkp0NmQ3dXo3TEt2RHIyMU00aUl6NndMVEROYW9tNkcreWZYODNMT0E0Mld2S3BVeTJvR3RVb2NycE80RURPcWlFRE4wb2JGak0yYk8iLCJtYWMiOiI1NzU0ZjU1NWUzOGEwYjJmNzkyNzExMDg5ZGYzMjk1MDU4YWZiMzI5NGRiNTIzMGU2NjQxNGIzNzc1ZDgzNGIzIiwidGFnIjoiIn0%3D
seb.secure294.com/ Name: laravel_session
Value: eyJpdiI6IjRTRG9BcGJZMDRwT3lQNlQ0RkdkQ1E9PSIsInZhbHVlIjoiVHNsbnNiRlRzdmNPdk5EdkUzYmJPOW9nTExKWFVPcWNwWkRCQlZRdUlRdjZoMmZXdTQ0RGU4RjhpQmZNaGxHQXhSajViZlE4dTVCMVJZSUpFRGRLeDJyeStkeVBCNkNMM2Zrd2dySXZuczJkNmZsS2gvQ3BKZ3cwbDdyR0pDMFkiLCJtYWMiOiIxYWMzMGEzMjdkMDk4ZWIyZjc5NzZmNDQ0ZGFjZjQxYTc0ZjNlZmZmODFkMGZkYzE5MDljOGRlZDY5NTA4NzVjIiwidGFnIjoiIn0%3D
id.seb.se/ Name: BIGipServerprd~auth-front_seb-login-client_8080_pool
Value: 1136920330.36895.0000

2 Console Messages

Source Level URL
Text
javascript warning URL: https://seb.secure294.com/privat
Message:
The resource https://seb.secure294.com/images/bankid.svg was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://seb.secure294.com/privat
Message:
The resource https://seb.secure294.com/images/seb/seb-digipass.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block