www.se-regionsbank.com
35.237.16.154
Malicious Activity!
Effective URL: https://www.se-regionsbank.com/a50dd/
Submission: On July 14 via automatic, source certstream-suspicious — Scanned from SE
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on July 14th 2022. Valid for: 3 months.
This is the only time www.se-regionsbank.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Regions Bank (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
15 | 35.237.16.154 | 396982 (GOOGLE-CLOUD-PLATFORM)
1 | 159.45.2.177 | 10837 (WELLSFARGO-10837)
ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 154.16.237.35.bc.googleusercontent.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
15 | se-regionsbank.com | www.se-regionsbank.com (2 redirects) | 688 KB
1 | wellsfargo.com | apply.wellsfargo.com (Cisco Umbrella Rank: 54131) | 2 KB
Requests | Domain | Requested by
---|---|---
15 | www.se-regionsbank.com (2 redirects) | www.se-regionsbank.com
1 | apply.wellsfargo.com | www.se-regionsbank.com
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
se-regionsbank.com | cPanel, Inc. Certification Authority | 2022-07-14 - 2022-10-12 | 3 months | crt.sh
apply.wellsfargo.com | Wells Fargo Public Trust Certification Authority 01 G2 | 2022-05-18 - 2023-05-26 | a year | crt.sh
This page contains 1 frame:
Primary Page:
https://www.se-regionsbank.com/a50dd/
Frame ID: 6FFBA8D9EEE038A9963CDF17008B69D5
Requests: 14 HTTP requests in this frame
Screenshot
![](/screenshots/9a3e6bbd-3b1a-42cd-a2b6-3b88371b9dce.png)
Page Title
Regions Online Banking - Verification
Detected technologies
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://www.se-regionsbank.com/ (HTTP 302)
- https://www.se-regionsbank.com/a50dd (HTTP 301)
- https://www.se-regionsbank.com/a50dd/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | / (Primary Request) | www.se-regionsbank.com/a50dd/ (Redirect Chain) | 16 KB | 16 KB | Document | text/html
GET | H/1.1 | com-regions.min.css | www.se-regionsbank.com/a50dd/Assets/cdx/Assets/Themes/Desktop/Shared/ResponsiveCore/ | 250 KB | 250 KB | Stylesheet | text/css
GET | H/1.1 | combined.css.d29a50bbb70d0c0a23215edec79ea1cd7aec5528974e270207f957109a0963d0.css | www.se-regionsbank.com/a50dd/Assets/cdx/Themes/Desktop/Shared/fiserv.ps.customerservice/ | 2 KB | 3 KB | Stylesheet | text/css
GET | H/1.1 | combined.css.dd3247782798b09752f4758c2f290fc0e6a87f98411f2b8eed6571d84e603c71.css | www.se-regionsbank.com/a50dd/Assets/cdx/Themes/Desktop/Shared/fiserv.ps.customerservice/ | 149 KB | 149 KB | Stylesheet | text/css
GET | H/1.1 | regions-logo-no-r.svg | www.se-regionsbank.com/a50dd/Assets/Images/ | 5 KB | 6 KB | Image | image/svg+xml
GET | H/1.1 | visa.svg | apply.wellsfargo.com/assets/images/osmp/ | 1 KB | 2 KB | Image | image/svg+xml
GET | H/1.1 | equal-housing-lender.svg | www.se-regionsbank.com/a50dd/Assets/Images/ | 4 KB | 4 KB | Image | image/svg+xml
GET | H/1.1 | member-fdic.svg | www.se-regionsbank.com/a50dd/Assets/Images/ | 6 KB | 6 KB | Image | image/svg+xml
GET | H/1.1 | jquery.min.js | www.se-regionsbank.com/a50dd/Assets/ | 156 KB | 156 KB | Script | application/javascript
GET | H/1.1 | jquery.validate.min.js | www.se-regionsbank.com/a50dd/Assets/ | 34 KB | 34 KB | Script | application/javascript
GET | H/1.1 | form.js | www.se-regionsbank.com/a50dd/Assets/ | 6 KB | 6 KB | Script | application/javascript
GET | H/1.1 | jquery.mask.js | www.se-regionsbank.com/a50dd/Assets/ | 20 KB | 20 KB | Script | application/javascript
GET | H/1.1 | source-sans-pro-700-webfont.woff | www.se-regionsbank.com/a50dd/Assets/cdx/Assets/Themes/Desktop/Shared/ResponsiveCore/Fonts/ | 18 KB | 19 KB | Font | font/woff
GET | H/1.1 | source-sans-pro-regular-webfont.woff | www.se-regionsbank.com/a50dd/Assets/cdx/Assets/Themes/Desktop/Shared/ResponsiveCore/Fonts/ | 19 KB | 19 KB | Font | font/woff
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Regions Bank (Banking)
13 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | oncontextlost
object | oncontextrestored
function | structuredClone
object | launchQueue
object | onbeforematch
function | getScreenDetails
function | queryLocalFonts
object | navigation
function | formatString
function | formats
function | numberValidation
function | $
function | jQuery
2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Name | Value
---|---|---
www.se-regionsbank.com/ | PHPSESSID | d1ea5d09545b7575e4d1282651f93c9e
apply.wellsfargo.com/ | ISD_OSM_COOKIE | bHFK1cp93dqffDVVL0p/QMrUKfYIPxZ0gyYZWYhboWrMDEIYubUwTdBuD0Z8wCWXxJWWRoBUkdASKx4AAAAB
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
apply.wellsfargo.com
www.se-regionsbank.com
159.45.2.177
35.237.16.154