During the launch of the SEP Mobile app, it is observed that a series of DNS queries are performed, many of which are for financial institution websites. This activity could be observed using a 3rd party DNS monitoring app on the user's device, or using various upstream networking devices.
These queries are used as part of SEP Mobile's patented Active Honeypot technology. This is normal, expected behavior. The Active Honeypot is used to identify Man-in-the-Middle, SSL downgrading and content manipulation attacks without violating end-user privacy.