sft-test.usbank.com
Open in
urlscan Pro
23.201.177.45
Public Scan
Effective URL: https://sft-test.usbank.com/WidgetSignon/login.html
Submission: On October 29 via manual from US — Scanned from US
Summary
TLS certificate: Issued by Entrust Certification Authority - L1M on October 3rd 2024. Valid for: a year.
This is the only time sft-test.usbank.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 16 | 23.201.177.45 23.201.177.45 | 16625 (AKAMAI-AS) (AKAMAI-AS) | |
1 | 2a04:4e42:200... 2a04:4e42:200::649 | 54113 (FASTLY) (FASTLY) | |
1 | 2600:141b:1c0... 2600:141b:1c00:2581::39f0 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
19 | 4 |
ASN16625 (AKAMAI-AS, US)
PTR: a23-201-177-45.deploy.static.akamaitechnologies.com
sft-test.usbank.com | |
uat2-onlinebanking.usbank.com | |
uat1-onlinebanking.usbank.com | |
alpha-api.usbank.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
17 |
usbank.com
1 redirects
sft-test.usbank.com uat2-onlinebanking.usbank.com uat1-onlinebanking.usbank.com — Cisco Umbrella Rank: 227496 alpha-api.usbank.com content.usbank.com — Cisco Umbrella Rank: 26848 uat4-onlinebanking.usbank.com Failed |
1 MB |
1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 791 |
31 KB |
19 | 2 |
Domain | Requested by | |
---|---|---|
7 | sft-test.usbank.com |
1 redirects
sft-test.usbank.com
|
4 | uat1-onlinebanking.usbank.com |
sft-test.usbank.com
uat1-onlinebanking.usbank.com |
3 | uat2-onlinebanking.usbank.com |
sft-test.usbank.com
|
2 | alpha-api.usbank.com |
uat1-onlinebanking.usbank.com
|
1 | content.usbank.com | |
1 | code.jquery.com |
sft-test.usbank.com
|
0 | uat4-onlinebanking.usbank.com Failed |
uat1-onlinebanking.usbank.com
|
19 | 7 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
uat5.www.usbank.com Entrust Certification Authority - L1M |
2024-10-03 - 2025-11-03 |
a year | crt.sh |
*.jquery.com Sectigo ECC Domain Validation Secure Server CA |
2024-06-25 - 2025-06-25 |
a year | crt.sh |
usb.usbank.com Entrust Certification Authority - L1M |
2024-06-27 - 2025-07-27 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://sft-test.usbank.com/WidgetSignon/login.html
Frame ID: 9D0B9708DE7DF46FBF6A83CC974A8ECD
Requests: 17 HTTP requests in this frame
Screenshot
Page Title
U.S. Bank Secure File TransferPage URL History Show full URLs
-
https://sft-test.usbank.com/
HTTP 302
https://sft-test.usbank.com/WidgetSignon/login.html Page URL
Detected technologies
Akamai Bot Manager (Security) ExpandDetected patterns
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://sft-test.usbank.com/
HTTP 302
https://sft-test.usbank.com/WidgetSignon/login.html Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
19 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
login.html
sft-test.usbank.com/WidgetSignon/ Redirect Chain
|
11 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login.js
sft-test.usbank.com/WidgetSignon/resources/ |
10 KB 10 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.6.1.min.js
code.jquery.com/ |
88 KB 31 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
stylesheet.css
sft-test.usbank.com/WidgetSignon/resources/ |
6 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
react.production.min.js
uat2-onlinebanking.usbank.com/auth/login/staticlibs/ |
12 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
react-dom.production.min.js
uat2-onlinebanking.usbank.com/auth/login/staticlibs/ |
116 KB 38 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index.js
uat1-onlinebanking.usbank.com/auth/login/wmf/micro-app-loader/dist/umd/ |
3 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
babel.min.js
uat2-onlinebanking.usbank.com/auth/login/staticlibs/ |
3 MB 612 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
USBankLogo.gif
sft-test.usbank.com/WidgetSignon/resources/ |
2 KB 3 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
MastheadBkgd_Map.gif
sft-test.usbank.com/WidgetSignon/resources/ |
6 KB 7 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
manifest.json
uat1-onlinebanking.usbank.com/auth/login/wmf/latest/ |
2 KB 2 KB |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
favicon.ico
sft-test.usbank.com/ |
1 KB 2 KB |
Other
image/ico |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main-5df5c035009cb6a85565.js
uat1-onlinebanking.usbank.com/auth/login/wmf/latest/ |
2 MB 440 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H2 |
config
alpha-api.usbank.com/authentication/customer-auth/app-config/v1/ |
0 0 |
Preflight
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
HelveticaNeueLTW04-55Roman.woff2
content.usbank.com/content/dam/onlinebanking/common/static/fonts/ |
41 KB 42 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
config
alpha-api.usbank.com/authentication/customer-auth/app-config/v1/ |
2 KB 4 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
23-84407b6d1ad660b54e36.js
uat1-onlinebanking.usbank.com/auth/login/wmf/latest/ |
413 KB 92 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS |
browser-log-transport
uat4-onlinebanking.usbank.com/digital/servicing/logging/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST |
browser-log-transport
uat4-onlinebanking.usbank.com/digital/servicing/logging/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- uat4-onlinebanking.usbank.com
- URL
- https://uat4-onlinebanking.usbank.com/digital/servicing/logging/browser-log-transport
- Domain
- uat4-onlinebanking.usbank.com
- URL
- https://uat4-onlinebanking.usbank.com/digital/servicing/logging/browser-log-transport
Verdicts & Comments Add Verdict or Comment
42 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
string| ssoMsgText string| ssoMsgType string| loginForm1 string| initPageParm object| tempElem string| ssoMsgOnly string| loginURL string| logoutURL string| changePwURL function| genTopErrorMsg function| gotoLogin function| logout function| initialize function| goBack function| addPwdPolicies function| openCopyrightNotice function| changePassword function| setUpMessage function| popupMessage function| initPage function| $ function| jQuery object| React object| ReactDOM function| DS object| Babel object| antiClickjack object| header object| configSettings function| onTransmitAuthorizationSuccess function| onTransmitAuthorizationFailure object| process object| USBAuthLoginModule object| webpackChunkUSBAuthLoginModule object| appDTimers object| com object| aesjs object| elliptic function| sha256 function| sha224 object| __XMSDK_PLUGINS string| ConfigAppID6 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.usbank.com/ | Name: SSOTOKEN Value: |
|
.usbank.com/ | Name: SSOPP Value: |
|
sft-test.usbank.com/ | Name: FILEGATEWAY-TEST Value: !clnGnpuqdHOKv5yOOPzTveyzLVnx7kCcOt/FdFMisQqqONxv63E4i09MgE1Jn52FzLka2o/D//PZxA== |
|
.usbank.com/ | Name: _abck Value: B7654777992043842300F0A313ED8078~-1~YAAQrSTDFy8c5cqSAQAAE8+P2QyUeTbnxZ01cVttnzMwt8JwmOeo/AD9GBEO7C06iaF2GQO+Q3I3PUW0L77blsInImAZIhg7/Li2w16A7s9oXYwVPNy8NlRmaInwucauxAkzImJXPS5q5mtF4VO7xGVbPWxNmDbWgKPD3bzr2zCxNXbSfT/DUqLQ74Np/ZOVZn8Yb3sB9bgAJbt1N8sgvWb5gff0JWSUyXQfXQreMY2RtgOJNnKRue24D6j9lR0pEiSI8dbzk6niIVr8/Gb1qg/I9vC1sjOtoBGHCeKZIhkJ4L5+9uU136r80aASDibxFdg3Da3AZ0iw1Ko0j8Fgxh895WXY7w1OYChE8qrnAPgh00r552N2V2KpeyLeSrj+uBDBsK8/IFnhQB+kna57oQ6hs52ulj+9H/xD4Q==~-1~-1~-1 |
|
.usbank.com/ | Name: SspWebSessionId Value: F38d213f1eAb47E920Da |
|
.usbank.com/ | Name: bm_sz Value: 58059EA5FB747B382D6084D36E91EFB4~YAAQrSTDF3gd5cqSAQAAcNCP2RlBlmYEeccz6CcJsQ8/ipZT2PEcUKk5B6jJKrCcXHGQvBmpRfyHqUgvs0WP+dgVkDmUsp2k2be0Ud9NeUs3fCjA7wYhHhkierP9dlFKkmaQ7ViidozuKi2a7KTIDNzgyDSQXS8I9WL88xHqoIywx+L8py6bGDJvXc0/P41/temTb6DHeYl5qepWjvbmWQArgjtavmmqHTvBVNCtkR8KAGHImJ6AgB5FoO9PwcjTUCCTOK6o25mNBcd6vP2ZOoiwH491p/fGC0CUWGfX/AbhzbMY4srohyZv1ccoiU8sNC5BSLU+HkDwDlURSh9xdx3nYvSoM8USwTAsdh9W5Ba3pTRGQH0fn0G4lghll1gOvg+tXigjFjL2KbPt2b1iTErt~4470593~3224886 |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | object-src 'none'; script-src 'self' https://code.jquery.com/ https://*.usbank.com/auth/login/ 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests |
Strict-Transport-Security | max-age=31536000 |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
alpha-api.usbank.com
code.jquery.com
content.usbank.com
sft-test.usbank.com
uat1-onlinebanking.usbank.com
uat2-onlinebanking.usbank.com
uat4-onlinebanking.usbank.com
uat4-onlinebanking.usbank.com
23.201.177.45
2600:141b:1c00:2581::39f0
2a04:4e42:200::649
12c33cc8b95f6d0b95ff21dceac7deaad5063bb8dc50ac5474225f755231fc51
23f98395289b452c8a2dfa7c37dea3eb4573715371a25cb85350166238d083dc
39b11e57638505b6f5670ab39710fd79a07f7e4b2d733abc56c94059cbd60002
4949f4e1cff9e8a960b44c9a8be70bc4bb10216eb4d0123ca61753e0908a0f87
52a434e3d3fd0983c35a5906915d38834134c4bbaa2c45660a3a6075369b4a22
561becff48f6dbededbef25320b3b8a40dafaae21863a7f192c4f473c84c1fad
5cef9367d2bcaba25b74d20e0e139d2cf900e9123e5fde26101aee7f40f6b5cf
a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74
a67a1835da218eb262645a0730914825282ea91cf66a777b5ff82b50118f641f
a85c98aca7f14ff02c722538988491eca8a5541970f7be7112938b1e35083ee4
be7a2dbd8e1b36e2e50ef810483459e5d1569245dc4180dc7a64a65889328c03
c21e24565a91e86c9b2aff8708df0fa0dd50ececc698664adc1ec6abfa3cc768
cc0b141f008b53b53620f9219db64c192a575a5fb88c95f77eb19356d7cc4bd8
e69a2319267a92158d3fb757b0c28b21c4eaa1debeb386683a3bc34ec5cfb71a
eaa193b0f8fd41dcafc4f08c208ff4d3ea4981955a44fe2c519f022bc83551c4
f0d0bf9731f51367f0cafa9b577e7cc77c1532e7c66b27bd51f7c8bb670d05d6